Action not permitted
Modal body text goes here.
cve-2020-11979
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Apache Ant |
Version: Apache Ant 1.10.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E" }, { "name": "FEDORA-2020-2640aa4e19", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/" }, { "name": "FEDORA-2020-92b1d001b3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/" }, { "name": "FEDORA-2020-3ce0f55bc5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/" }, { "name": "GLSA-202011-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202011-18" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Ant", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache Ant 1.10.8" } ] } ], "descriptions": [ { "lang": "en", "value": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process." } ], "problemTypes": [ { "descriptions": [ { "description": "insecure temporary file vulnerability", "lang": "en", "type": "text" } ] }, { "descriptions": [ { "cweId": "CWE-379", "description": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:21:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E" }, { "name": "FEDORA-2020-2640aa4e19", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/" }, { "name": "FEDORA-2020-92b1d001b3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/" }, { "name": "FEDORA-2020-3ce0f55bc5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/" }, { "name": "GLSA-202011-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202011-18" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11979", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Ant", "version": { "version_data": [ { "version_value": "Apache Ant 1.10.8" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "insecure temporary file vulnerability" } ] }, { "description": [ { "lang": "eng", "value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "name": "FEDORA-2020-2640aa4e19", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/" }, { "name": "FEDORA-2020-92b1d001b3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/" }, { "name": "FEDORA-2020-3ce0f55bc5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/" }, { "name": "GLSA-202011-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-18" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", "refsource": "MISC", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-11979", "datePublished": "2020-10-01T19:24:57", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-11979\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-10-01T20:15:13.033\",\"lastModified\":\"2024-11-21T04:59:02.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.\"},{\"lang\":\"es\",\"value\":\"Como mitigaci\u00f3n para CVE-2020-1945, Apache Ant versi\u00f3n 1.10.8, cambi\u00f3 los permisos de los archivos temporales que cre\u00f3 para que solo el usuario actual pudiera acceder a ellos.\u0026#xa0;Desafortunadamente, la tarea fixcrlf elimin\u00f3 el archivo temporal y cre\u00f3 uno nuevo sin dicha protecci\u00f3n, anulando efectivamente el esfuerzo.\u0026#xa0;Esto podr\u00eda seguir permitiendo a un atacante inyectar archivos fuente modificados en el proceso de compilaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-379\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C6AA13-6D4A-44F8-99B2-68E1626DD57B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.8.0\",\"matchCriteriaId\":\"B216FC24-1136-430F-B480-E3CFA1838B4B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BEE49E-A5AA-42D3-B422-460454505480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4FF66F7-10C8-4A1C-910A-EF7D12A4284C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282150FF-C945-4A3E-8A80-E8757A8907EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBCE22C0-4253-40A5-89AE-499A3BC9EFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB612B4A-27C4-491E-AABD-6CAADE2E249E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FADE563-5AAA-42FF-B43F-35B20A2386C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D7C6438-6E88-41CD-BE34-90341030E41F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69300B13-8C0F-4433-A6E8-B2CE32C4723D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.9\",\"matchCriteriaId\":\"40F940AA-05BE-426C-89A3-4098E107D9A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FB8AE1F-FA6B-4A5E-AA5B-D0B7C78FE886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C2C67B-BF55-4B48-A94D-1F37A4FAC68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6762F207-93C7-4363-B2F9-7A7C6F8AF993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B74B912-152D-4F38-9FC1-741D6D0B27FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.2.0\",\"versionEndIncluding\":\"16.2.11\",\"matchCriteriaId\":\"06CF27F6-ADC1-480C-9D2E-2BD1E7330C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.9\",\"matchCriteriaId\":\"2D3D3B98-C309-4598-BBCD-AF944A13FDC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C914A8CA-352B-4B02-8A2F-D5A6EC04AF53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56239DBD-E294-44A4-9DD3-CEEC58C1BC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C9BD8E-7214-4B44-B549-6F11B3EA8A04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_category_management_planning_\\\\\u0026_optimization:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C054317-4891-44EE-B7E9-DD9B8E7BAE54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2140357-503A-4D2A-A099-CFA4DC649E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E834CC29-EFFC-4B09-89FD-761E3744F23C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CADAC4BA-0451-4FFD-9071-087C8568C3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17AEB94A-ED0B-4A2F-A03B-DD963E83CE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B042849-7EF5-4A5F-B6CD-712C0B8735BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA800332-C6B9-4F05-9FB0-72C1040AAFD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_item_planning:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD30470-55C7-491F-A2FD-754CDF5A750F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_macro_space_optimization:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B2E10E-2BFF-4E43-9EF8-3EF56FD252C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5929F6F2-853A-4FE0-8F64-0F7861091A03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212A8F95-8EA0-471B-82D9-5DECCBCE5C2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8383028-B719-41FD-9B6A-71F8EB4C5F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0922934E-2658-430F-99BE-A13C8A5F4338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_replenishment_optimization:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86F5DE7E-2712-4A04-8FBE-AEE2CB3D03F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7FCC976-615C-4DE5-9F50-1B25E9553962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84142490-E2D5-4B1F-A0D2-D2D68B120AFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEE71EA5-B315-4F1E-BFEE-EC426B562F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74ACC94B-4A9F-451D-B639-6008A108BDDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4C6CCB0-241E-4295-B4D0-F021CEC660D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C96F0D4-4640-447B-A3AB-0AACF2E80C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACC6BE4-B48B-489F-93DB-82A72D1AA409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78D8F551-8DC8-4510-8350-AE6BC64748DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B2C44-CECD-4551-B04F-4076D0E053C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE6B6243-9FE9-432B-B5A8-20E515E06A93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.2.8.27\",\"matchCriteriaId\":\"513AE97F-161C-43D2-B2D1-653125A9E920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5BBA303-8D2B-48C5-B52A-4E192166699C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"}]}]}],\"references\":[{\"url\":\"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202011-18\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202011-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
gsd-2020-11979
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-11979", "description": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "id": "GSD-2020-11979", "references": [ "https://www.suse.com/security/cve/CVE-2020-11979.html", "https://access.redhat.com/errata/RHSA-2021:0637", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/errata/RHSA-2021:0423", "https://advisories.mageia.org/CVE-2020-11979.html", "https://security.archlinux.org/CVE-2020-11979" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-11979" ], "details": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "id": "GSD-2020-11979", "modified": "2023-12-13T01:22:06.879834Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11979", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Ant", "version": { "version_data": [ { "version_value": "Apache Ant 1.10.8" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "insecure temporary file vulnerability" } ] }, { "description": [ { "lang": "eng", "value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "name": "FEDORA-2020-2640aa4e19", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/" }, { "name": "FEDORA-2020-92b1d001b3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/" }, { "name": "FEDORA-2020-3ce0f55bc5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/" }, { "name": "GLSA-202011-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-18" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", "refsource": "MISC", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[1.10.8]", "affected_versions": "Version 1.10.8", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2021-12-07", "description": "As mitigation for CVE-2020-1945 Apache Ant changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately, the `fixcrlf` task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "fixed_versions": [ "1.10.9" ], "identifier": "CVE-2020-11979", "identifiers": [ "CVE-2020-11979", "GHSA-j45w-qrgf-25vm" ], "not_impacted": "All versions before 1.10.8, all versions after 1.10.8", "package_slug": "maven/org.apache.ant/ant", "pubdate": "2020-10-01", "solution": "Upgrade to version 1.10.9 or above.", "title": "Injection Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" ], "uuid": "ba72c3cc-053c-41a9-83d0-dec1b52c217b" }, { "affected_range": "(,6.8.0)", "affected_versions": "All versions before 6.8.0", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2021-12-07", "description": "As mitigation for CVE-2020-1945 Apache Ant changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately, the `fixcrlf` task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "fixed_versions": [], "identifier": "CVE-2020-11979", "identifiers": [ "CVE-2020-11979", "GHSA-j45w-qrgf-25vm" ], "not_impacted": "", "package_slug": "maven/org.gradle/gradle-core", "pubdate": "2020-10-01", "solution": "Unfortunately, there is no solution available yet.", "title": "Injection Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" ], "uuid": "4e1a0578-e4cf-4634-b4c0-25cdc3257040" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.9", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_category_management_planning_\\\u0026_optimization:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_item_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_macro_space_optimization:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_replenishment_optimization:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.2.8.27", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11979" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", "refsource": "MISC", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "name": "FEDORA-2020-2640aa4e19", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/" }, { "name": "FEDORA-2020-3ce0f55bc5", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/" }, { "name": "FEDORA-2020-92b1d001b3", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/" }, { "name": "GLSA-202011-18", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202011-18" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-05-12T14:43Z", "publishedDate": "2020-10-01T20:15Z" } } }
rhsa-2021_0423
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.17 is now available with\nupdates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.17. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0424\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0423", "url": "https://access.redhat.com/errata/RHSA-2021:0423" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "1903702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "category": "external", "summary": "1921322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322" }, { "category": "external", "summary": "1925140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140" }, { "category": "external", "summary": "1925141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141" }, { "category": "external", "summary": "1925143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143" }, { "category": "external", "summary": "1925145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145" }, { "category": "external", "summary": "1925151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151" }, { "category": "external", "summary": "1925156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156" }, { "category": "external", "summary": "1925157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157" }, { "category": "external", "summary": "1925159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159" }, { "category": "external", "summary": "1925160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160" }, { "category": "external", "summary": "1925161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161" }, { "category": "external", "summary": "1925674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925674" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0423.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.17 security and packages update", "tracking": { "current_release_date": "2024-11-22T16:25:42+00:00", "generator": { "date": "2024-11-22T16:25:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0423", "initial_release_date": "2021-02-17T19:06:25+00:00", "revision_history": [ { "date": "2021-02-17T19:06:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-17T19:06:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:25:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "product": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "product": { "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "product_id": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.263.3.1612434510-1.el8.src", "product": { "name": "jenkins-0:2.263.3.1612434510-1.el8.src", "product_id": "jenkins-0:2.263.3.1612434510-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434510-1.el8?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "product": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "product": { "name": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "product_id": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=src" } } }, { "category": "product_version", "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "product": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "product_id": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1612257979-1.el8?arch=src" } } }, { "category": "product_version", "name": "python-rsa-0:4.7-1.el8.src", "product": { "name": "python-rsa-0:4.7-1.el8.src", "product_id": "python-rsa-0:4.7-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-rsa@4.7-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "product": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "product": { "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "product_id": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.6.0-202102050212.p0.git.94265.716fcf8.el7?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "product": { "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "product_id": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.19.1-7.rhaos4.6.git6377f68.el7?arch=src" } } }, { "category": "product_version", "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "product": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "product": { "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "product_id": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.6.0-202102031649.p0.git.0.bf90f86.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "product": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "product": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product": { "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product_id": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-82.rhaos4.6.git086e841.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "product": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202102050644.p0.git.3831.1c61c6b.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "product": { "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "product_id": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.19.1-7.rhaos4.6.git6377f68.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.19.1-7.rhaos4.6.git6377f68.el7?arch=x86_64" } } }, { "category": "product_version", "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "product": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el7?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "product": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "product": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product": { "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product_id": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-82.rhaos4.6.git086e841.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "product": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=s390x" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "product": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product": { "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product_id": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-82.rhaos4.6.git086e841.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.263.3.1612434510-1.el8.noarch", "product": { "name": "jenkins-0:2.263.3.1612434510-1.el8.noarch", "product_id": "jenkins-0:2.263.3.1612434510-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434510-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_id": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1612257979-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-rsa-0:4.7-1.el8.noarch", "product": { "name": "python3-rsa-0:4.7-1.el8.noarch", "product_id": "python3-rsa-0:4.7-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-rsa@4.7-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "product": { "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "product_id": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.6.0-202102031649.p0.git.0.bf90f86.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "product": { "name": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "product_id": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@4.6.0-202102031649.p0.git.0.bf90f86.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src" }, "product_reference": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64" }, "product_reference": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src" }, "product_reference": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch" }, "product_reference": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src" }, "product_reference": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch" }, "product_reference": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src" }, "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64" }, "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src" }, "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64" }, "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64" }, "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x" }, "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src" }, "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.263.3.1612434510-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch" }, "product_reference": "jenkins-0:2.263.3.1612434510-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.263.3.1612434510-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" }, "product_reference": "jenkins-0:2.263.3.1612434510-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src" }, "product_reference": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x" }, "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src" }, "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64" }, "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src" }, "product_reference": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "python-rsa-0:4.7-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src" }, "product_reference": "python-rsa-0:4.7-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "python3-rsa-0:4.7-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch" }, "product_reference": "python3-rsa-0:4.7-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le" }, "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x" }, "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src" }, "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" }, "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le" }, "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x" }, "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" }, "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le" }, "product_reference": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x" }, "product_reference": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" }, "product_reference": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1945", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-05-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1837444" } ], "notes": [ { "category": "description", "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1945" }, { "category": "external", "summary": "RHBZ#1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" } ], "release_date": "2020-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" }, { "category": "workaround", "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file vulnerability" }, { "cve": "CVE-2020-11979", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-10-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1903702" } ], "notes": [ { "category": "description", "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file", "title": "Vulnerability summary" }, { "category": "other", "text": "ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11979" }, { "category": "external", "summary": "RHBZ#1903702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11979", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202011-18", "url": "https://security.gentoo.org/glsa/202011-18" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file" }, { "cve": "CVE-2021-21602", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925161" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file read vulnerability in workspace browsers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21602" }, { "category": "external", "summary": "RHBZ#1925161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21602", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21602" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary file read vulnerability in workspace browsers" }, { "cve": "CVE-2021-21603", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925160" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: XSS vulnerability in notification bar", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21603" }, { "category": "external", "summary": "RHBZ#1925160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21603", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: XSS vulnerability in notification bar" }, { "cve": "CVE-2021-21604", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925157" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Improper handling of REST API XML deserialization errors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21604" }, { "category": "external", "summary": "RHBZ#1925157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21604", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Improper handling of REST API XML deserialization errors" }, { "cve": "CVE-2021-21605", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925143" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global `config.xml` file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Path traversal vulnerability in agent names", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21605" }, { "category": "external", "summary": "RHBZ#1925143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21605", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Path traversal vulnerability in agent names" }, { "cve": "CVE-2021-21606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925159" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file existence check in file fingerprints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21606" }, { "category": "external", "summary": "RHBZ#1925159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21606", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary file existence check in file fingerprints" }, { "cve": "CVE-2021-21607", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925156" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Excessive memory allocation in graph URLs leads to denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21607" }, { "category": "external", "summary": "RHBZ#1925156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21607", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Excessive memory allocation in graph URLs leads to denial of service" }, { "cve": "CVE-2021-21608", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925140" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Stored XSS vulnerability in button labels", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21608" }, { "category": "external", "summary": "RHBZ#1925140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21608", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21608" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Stored XSS vulnerability in button labels" }, { "cve": "CVE-2021-21609", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925141" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Missing permission check for paths with specific prefix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21609" }, { "category": "external", "summary": "RHBZ#1925141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21609", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21609" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jenkins: Missing permission check for paths with specific prefix" }, { "cve": "CVE-2021-21610", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925151" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Reflected XSS vulnerability in markup formatter preview", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21610" }, { "category": "external", "summary": "RHBZ#1925151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21610", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21610" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Reflected XSS vulnerability in markup formatter preview" }, { "cve": "CVE-2021-21611", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925145" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Stored XSS vulnerability on new item page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21611" }, { "category": "external", "summary": "RHBZ#1925145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21611", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21611" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Stored XSS vulnerability on new item page" }, { "cve": "CVE-2021-21615", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921322" } ], "notes": [ { "category": "description", "text": "Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Filesystem traversal by privileged users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src", "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src", "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src", "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch", "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21615" }, { "category": "external", "summary": "RHBZ#1921322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21615", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197", "url": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197" } ], "release_date": "2021-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-17T19:06:25+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0423" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Filesystem traversal by privileged users" } ] }
rhsa-2021_0637
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0637", "url": "https://access.redhat.com/errata/RHSA-2021:0637" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "1849003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849003" }, { "category": "external", "summary": "1873346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873346" }, { "category": "external", "summary": "1879407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879407" }, { "category": "external", "summary": "1889972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972" }, { "category": "external", "summary": "1895939", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895939" }, { "category": "external", "summary": "1895940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895940" }, { "category": "external", "summary": "1895941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895941" }, { "category": "external", "summary": "1895945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895945" }, { "category": "external", "summary": "1895946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895946" }, { "category": "external", "summary": "1895947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895947" }, { "category": "external", "summary": "1903699", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903699" }, { "category": "external", "summary": "1903702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "category": "external", "summary": "1918392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918392" }, { "category": "external", "summary": "1920567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920567" }, { "category": "external", "summary": "1921353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921353" }, { "category": "external", "summary": "1924614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924614" }, { "category": "external", "summary": "1924811", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924811" }, { "category": "external", "summary": "1929170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929170" }, { "category": "external", "summary": "1929216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929216" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0637.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.394 bug fix and security update", "tracking": { "current_release_date": "2024-11-22T16:25:59+00:00", "generator": { "date": "2024-11-22T16:25:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0637", "initial_release_date": "2021-03-03T12:28:39+00:00", "revision_history": [ { "date": "2021-03-03T12:28:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-03T12:28:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:25:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "product_id": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.394-1.git.1675.fdb6e0b.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "product_id": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.394-1.git.263.49acf3a.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "product": { "name": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "product_id": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.394-1.git.1062.8adc4b8.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "product_id": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.394-1.git.481.6e48246.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.394-1.git.0.1900c76.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.394-1.git.439.4c37707.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.394-1.git.379.92adfdc.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "product": { "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "product_id": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.394-1.git.53.3d82586.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "product": { "name": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "product_id": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.394-1.git.0.1fbb64c.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "product": { "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "product_id": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.394-1.git.218.59eb597.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "product": { "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "product_id": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.394-1.git.299.ad3a3c0.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "product": { "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "product_id": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.394-1.git.667.08dd2a6.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "product": { "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "product_id": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.394-1.git.15.73f73cd.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "product": { "name": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "product_id": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.394-1.git.5026.2c9627f.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "product": { "name": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "product_id": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@3.11.394-1.git.1490.16ed375.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "product": { "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "product_id": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.394-1.git.0.e03a88e.el7?arch=src" } } }, { "category": "product_version", "name": "haproxy-0:1.8.28-1.el7.src", "product": { "name": "haproxy-0:1.8.28-1.el7.src", "product_id": "haproxy-0:1.8.28-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy@1.8.28-1.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "product": { "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "product_id": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1612862361-1.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.263.3.1612433584-1.el7.src", "product": { "name": "jenkins-0:2.263.3.1612433584-1.el7.src", "product_id": "jenkins-0:2.263.3.1612433584-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612433584-1.el7?arch=src" } } }, { "category": "product_version", "name": "python-rsa-0:4.5-3.el7.src", "product": { "name": "python-rsa-0:4.5-3.el7.src", "product_id": "python-rsa-0:4.5-3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-rsa@4.5-3.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "product": { "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "product_id": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.394-6.git.0.47ec25d.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.394-1.git.1675.fdb6e0b.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.394-1.git.1675.fdb6e0b.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "product_id": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.394-1.git.263.49acf3a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "product": { "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "product_id": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.394-1.git.1062.8adc4b8.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "product_id": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.394-1.git.481.6e48246.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.394-1.git.0.1900c76.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.394-1.git.439.4c37707.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.394-1.git.379.92adfdc.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "product": { "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "product_id": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.394-1.git.53.3d82586.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "product": { "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "product_id": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.394-1.git.0.1fbb64c.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "product": { "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "product_id": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.394-1.git.218.59eb597.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "product": { "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "product_id": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.394-1.git.299.ad3a3c0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "product": { "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "product_id": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.394-1.git.667.08dd2a6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "product": { "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "product_id": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.394-1.git.15.73f73cd.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "product": { "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "product_id": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.394-1.git.5026.2c9627f.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.394-1.git.0.e03a88e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy18-0:1.8.28-1.el7.x86_64", "product": { "name": "haproxy18-0:1.8.28-1.el7.x86_64", "product_id": "haproxy18-0:1.8.28-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy18@1.8.28-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "product": { "name": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "product_id": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.28-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.394-1.git.1675.fdb6e0b.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.394-1.git.1675.fdb6e0b.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "product_id": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.394-1.git.263.49acf3a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "product": { "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "product_id": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.394-1.git.1062.8adc4b8.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.394-1.git.0.1900c76.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.394-1.git.439.4c37707.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.394-1.git.379.92adfdc.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "product": { "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "product_id": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.394-1.git.53.3d82586.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "product": { "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "product_id": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.394-1.git.0.1fbb64c.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "product": { "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "product_id": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.394-1.git.218.59eb597.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "product": { "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "product_id": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.394-1.git.299.ad3a3c0.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "product": { "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "product_id": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.394-1.git.667.08dd2a6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "product_id": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.394-1.git.15.73f73cd.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "product": { "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "product_id": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.394-1.git.5026.2c9627f.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product": { "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_id": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy18-0:1.8.28-1.el7.ppc64le", "product": { "name": "haproxy18-0:1.8.28-1.el7.ppc64le", "product_id": "haproxy18-0:1.8.28-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy18@1.8.28-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "product": { "name": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "product_id": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.28-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product": { "name": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_id": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@3.11.394-1.git.1490.16ed375.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product": { "name": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_id": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@3.11.394-1.git.1490.16ed375.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product": { "name": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_id": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@3.11.394-1.git.1490.16ed375.el7?arch=noarch" } } }, { "category": "product_version", "name": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product": { "name": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_id": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-kuryr-kubernetes@3.11.394-1.git.1490.16ed375.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.394-1.git.0.e03a88e.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.394-1.git.0.e03a88e.el7?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "product": { "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "product_id": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1612862361-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-0:2.263.3.1612433584-1.el7.noarch", "product": { "name": "jenkins-0:2.263.3.1612433584-1.el7.noarch", "product_id": "jenkins-0:2.263.3.1612433584-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612433584-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "python2-rsa-0:4.5-3.el7.noarch", "product": { "name": "python2-rsa-0:4.5-3.el7.noarch", "product_id": "python2-rsa-0:4.5-3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-rsa@4.5-3.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product": { "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_id": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.394-6.git.0.47ec25d.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product": { "name": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_id": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.394-6.git.0.47ec25d.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product": { "name": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_id": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.394-6.git.0.47ec25d.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product": { "name": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_id": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.394-6.git.0.47ec25d.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product": { "name": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_id": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@3.11.394-6.git.0.47ec25d.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src" }, "product_reference": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le" }, "product_reference": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src" }, "product_reference": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64" }, "product_reference": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src" }, "product_reference": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le" }, "product_reference": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le" }, "product_reference": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src" }, "product_reference": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64" }, "product_reference": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src" }, "product_reference": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src" }, "product_reference": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src" }, "product_reference": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-0:1.8.28-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src" }, "product_reference": "haproxy-0:1.8.28-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le" }, "product_reference": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64" }, "product_reference": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy18-0:1.8.28-1.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le" }, "product_reference": "haproxy18-0:1.8.28-1.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy18-0:1.8.28-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64" }, "product_reference": "haproxy18-0:1.8.28-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.263.3.1612433584-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch" }, "product_reference": "jenkins-0:2.263.3.1612433584-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.263.3.1612433584-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" }, "product_reference": "jenkins-0:2.263.3.1612433584-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch" }, "product_reference": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" }, "product_reference": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch" }, "product_reference": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src" }, "product_reference": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch" }, "product_reference": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch" }, "product_reference": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch" }, "product_reference": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch" }, "product_reference": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src" }, "product_reference": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch" }, "product_reference": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch" }, "product_reference": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch" }, "product_reference": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le" }, "product_reference": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64" }, "product_reference": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le" }, "product_reference": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64" }, "product_reference": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le" }, "product_reference": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64" }, "product_reference": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-rsa-0:4.5-3.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src" }, "product_reference": "python-rsa-0:4.5-3.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch" }, "product_reference": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python2-rsa-0:4.5-3.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" }, "product_reference": "python2-rsa-0:4.5-3.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1945", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-05-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1837444" } ], "notes": [ { "category": "description", "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1945" }, { "category": "external", "summary": "RHBZ#1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" } ], "release_date": "2020-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" }, { "category": "workaround", "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file vulnerability" }, { "cve": "CVE-2020-2304", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-11-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895939" } ], "notes": [ { "category": "description", "text": "A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2304" }, { "category": "external", "summary": "RHBZ#1895939", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895939" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2304", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2304" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145" } ], "release_date": "2020-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks" }, { "cve": "CVE-2020-2305", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-11-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895940" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity (XXE) attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2305" }, { "category": "external", "summary": "RHBZ#1895940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895940" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2305", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2305" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115" } ], "release_date": "2020-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks" }, { "cve": "CVE-2020-2306", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2020-11-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895941" } ], "notes": [ { "category": "description", "text": "A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2306" }, { "category": "external", "summary": "RHBZ#1895941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2306", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2306" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104" } ], "release_date": "2020-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure" }, { "cve": "CVE-2020-2307", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-11-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895945" } ], "notes": [ { "category": "description", "text": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2307" }, { "category": "external", "summary": "RHBZ#1895945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895945" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2307" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646" } ], "release_date": "2020-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin" }, { "cve": "CVE-2020-2308", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2020-11-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895946" } ], "notes": [ { "category": "description", "text": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2308" }, { "category": "external", "summary": "RHBZ#1895946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2308", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2308" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102" } ], "release_date": "2020-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates" }, { "cve": "CVE-2020-2309", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2020-11-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895947" } ], "notes": [ { "category": "description", "text": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2309" }, { "category": "external", "summary": "RHBZ#1895947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895947" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2309", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2309" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103" } ], "release_date": "2020-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs" }, { "cve": "CVE-2020-11979", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-10-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1903702" } ], "notes": [ { "category": "description", "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file", "title": "Vulnerability summary" }, { "category": "other", "text": "ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11979" }, { "category": "external", "summary": "RHBZ#1903702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11979", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202011-18", "url": "https://security.gentoo.org/glsa/202011-18" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file" }, { "acknowledgments": [ { "names": [ "Hubert Kario" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-25658", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2020-10-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889972" } ], "notes": [ { "category": "description", "text": "A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-rsa: bleichenbacher timing oracle attack against RSA decryption", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-rsa package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25658" }, { "category": "external", "summary": "RHBZ#1889972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25658", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25658" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25658", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25658" }, { "category": "external", "summary": "https://github.com/sybrenstuvel/python-rsa/issues/165", "url": "https://github.com/sybrenstuvel/python-rsa/issues/165" } ], "release_date": "2020-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-rsa: bleichenbacher timing oracle attack against RSA decryption" }, { "cve": "CVE-2021-21602", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925161" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file read vulnerability in workspace browsers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21602" }, { "category": "external", "summary": "RHBZ#1925161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21602", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21602" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary file read vulnerability in workspace browsers" }, { "cve": "CVE-2021-21603", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925160" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: XSS vulnerability in notification bar", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21603" }, { "category": "external", "summary": "RHBZ#1925160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21603", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: XSS vulnerability in notification bar" }, { "cve": "CVE-2021-21604", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925157" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Improper handling of REST API XML deserialization errors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21604" }, { "category": "external", "summary": "RHBZ#1925157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21604", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Improper handling of REST API XML deserialization errors" }, { "cve": "CVE-2021-21605", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925143" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global `config.xml` file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Path traversal vulnerability in agent names", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21605" }, { "category": "external", "summary": "RHBZ#1925143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21605", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Path traversal vulnerability in agent names" }, { "cve": "CVE-2021-21606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925159" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file existence check in file fingerprints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21606" }, { "category": "external", "summary": "RHBZ#1925159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21606", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary file existence check in file fingerprints" }, { "cve": "CVE-2021-21607", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925156" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Excessive memory allocation in graph URLs leads to denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21607" }, { "category": "external", "summary": "RHBZ#1925156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21607", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Excessive memory allocation in graph URLs leads to denial of service" }, { "cve": "CVE-2021-21608", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925140" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Stored XSS vulnerability in button labels", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21608" }, { "category": "external", "summary": "RHBZ#1925140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21608", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21608" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Stored XSS vulnerability in button labels" }, { "cve": "CVE-2021-21609", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925141" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Missing permission check for paths with specific prefix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21609" }, { "category": "external", "summary": "RHBZ#1925141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21609", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21609" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jenkins: Missing permission check for paths with specific prefix" }, { "cve": "CVE-2021-21610", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925151" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Reflected XSS vulnerability in markup formatter preview", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21610" }, { "category": "external", "summary": "RHBZ#1925151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21610", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21610" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Reflected XSS vulnerability in markup formatter preview" }, { "cve": "CVE-2021-21611", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925145" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Stored XSS vulnerability on new item page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le", "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch", "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21611" }, { "category": "external", "summary": "RHBZ#1925145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21611", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21611" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T12:28:39+00:00", "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Stored XSS vulnerability on new item page" } ] }
rhsa-2021_0429
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.5.33 is now available with\nupdates to packages and images that fix several bugs.\n\nThis release also includes a security update for Red Hat OpenShift Container Platform 4.5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.5.33. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:0428\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0429", "url": "https://access.redhat.com/errata/RHSA-2021:0429" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "1903702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "category": "external", "summary": "1921322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322" }, { "category": "external", "summary": "1925140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140" }, { "category": "external", "summary": "1925141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141" }, { "category": "external", "summary": "1925143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143" }, { "category": "external", "summary": "1925145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145" }, { "category": "external", "summary": "1925151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151" }, { "category": "external", "summary": "1925156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156" }, { "category": "external", "summary": "1925157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157" }, { "category": "external", "summary": "1925159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159" }, { "category": "external", "summary": "1925160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160" }, { "category": "external", "summary": "1925161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161" }, { "category": "external", "summary": "1925678", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925678" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0429.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.5.33 packages and security update", "tracking": { "current_release_date": "2024-11-22T16:25:50+00:00", "generator": { "date": "2024-11-22T16:25:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0429", "initial_release_date": "2021-03-03T04:19:25+00:00", "revision_history": [ { "date": "2021-03-03T04:19:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-03T04:19:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:25:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.5", "product": { "name": "Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.5::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.5", "product": { "name": "Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.5::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "product": { "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "product_id": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.5.0-202102050524.p0.git.0.9229406.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.263.3.1612434332-1.el7.src", "product": { "name": "jenkins-0:2.263.3.1612434332-1.el7.src", "product_id": "jenkins-0:2.263.3.1612434332-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434332-1.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "product": { "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "product_id": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.5.0-202102031005.p0.git.0.c6839a2.el7?arch=src" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el7.src", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.src", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=src\u0026epoch=2" } } }, { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "product": { "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "product_id": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.5.0-202102050524.p0.git.0.9229406.el8?arch=src" } } }, { "category": "product_version", "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "product": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=src" } } }, { "category": "product_version", "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "product": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=src" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el8.src", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.src", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=src\u0026epoch=2" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el7?arch=x86_64" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el8?arch=x86_64" } } }, { "category": "product_version", "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "product": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product": { "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product_id": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product": { "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product_id": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=x86_64" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=x86_64\u0026epoch=2" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "product": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el7?arch=s390x" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=s390x\u0026epoch=2" } } }, { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el8?arch=s390x" } } }, { "category": "product_version", "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "product": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product": { "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product_id": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product": { "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product_id": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=s390x" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=s390x\u0026epoch=2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "product": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=ppc64le\u0026epoch=2" } } }, { "category": "product_version", "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "product": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "product": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product": { "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product_id": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product": { "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product_id": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "product": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=ppc64le\u0026epoch=2" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.263.3.1612434332-1.el7.noarch", "product": { "name": "jenkins-0:2.263.3.1612434332-1.el7.noarch", "product_id": "jenkins-0:2.263.3.1612434332-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434332-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "product": { "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "product_id": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.5.0-202102031005.p0.git.0.c6839a2.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "product": { "name": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "product_id": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@4.5.0-202102031005.p0.git.0.c6839a2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.263.3.1612434332-1.el7.noarch as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch" }, "product_reference": "jenkins-0:2.263.3.1612434332-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.263.3.1612434332-1.el7.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src" }, "product_reference": "jenkins-0:2.263.3.1612434332-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src" }, "product_reference": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch" }, "product_reference": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src" }, "product_reference": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch" }, "product_reference": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x" }, "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64" }, "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le" }, "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x" }, "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src" }, "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64" }, "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src" }, "product_reference": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64" }, "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le" }, "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x" }, "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src" }, "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" }, "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le" }, "product_reference": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x" }, "product_reference": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" }, "product_reference": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le" }, "product_reference": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x" }, "product_reference": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5", "product_id": "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" }, "product_reference": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1945", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-05-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1837444" } ], "notes": [ { "category": "description", "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1945" }, { "category": "external", "summary": "RHBZ#1837444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" } ], "release_date": "2020-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" }, { "category": "workaround", "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file vulnerability" }, { "cve": "CVE-2020-11979", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1903702" } ], "notes": [ { "category": "description", "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "title": "Vulnerability description" }, { "category": "summary", "text": "ant: insecure temporary file", "title": "Vulnerability summary" }, { "category": "other", "text": "ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11979" }, { "category": "external", "summary": "RHBZ#1903702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11979", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202011-18", "url": "https://security.gentoo.org/glsa/202011-18" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ant: insecure temporary file" }, { "cve": "CVE-2021-21602", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925161" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file read vulnerability in workspace browsers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21602" }, { "category": "external", "summary": "RHBZ#1925161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21602", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21602" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary file read vulnerability in workspace browsers" }, { "cve": "CVE-2021-21603", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925160" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: XSS vulnerability in notification bar", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21603" }, { "category": "external", "summary": "RHBZ#1925160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21603", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: XSS vulnerability in notification bar" }, { "cve": "CVE-2021-21604", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925157" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Improper handling of REST API XML deserialization errors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21604" }, { "category": "external", "summary": "RHBZ#1925157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21604", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Improper handling of REST API XML deserialization errors" }, { "cve": "CVE-2021-21605", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925143" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global `config.xml` file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Path traversal vulnerability in agent names", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21605" }, { "category": "external", "summary": "RHBZ#1925143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21605", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Path traversal vulnerability in agent names" }, { "cve": "CVE-2021-21606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925159" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file existence check in file fingerprints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21606" }, { "category": "external", "summary": "RHBZ#1925159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21606", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary file existence check in file fingerprints" }, { "cve": "CVE-2021-21607", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925156" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Excessive memory allocation in graph URLs leads to denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21607" }, { "category": "external", "summary": "RHBZ#1925156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21607", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21607" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Excessive memory allocation in graph URLs leads to denial of service" }, { "cve": "CVE-2021-21608", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925140" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Stored XSS vulnerability in button labels", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21608" }, { "category": "external", "summary": "RHBZ#1925140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21608", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21608" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Stored XSS vulnerability in button labels" }, { "cve": "CVE-2021-21609", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925141" } ], "notes": [ { "category": "description", "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Missing permission check for paths with specific prefix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21609" }, { "category": "external", "summary": "RHBZ#1925141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21609", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21609" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jenkins: Missing permission check for paths with specific prefix" }, { "cve": "CVE-2021-21610", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925151" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Reflected XSS vulnerability in markup formatter preview", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21610" }, { "category": "external", "summary": "RHBZ#1925151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21610", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21610" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Reflected XSS vulnerability in markup formatter preview" }, { "cve": "CVE-2021-21611", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925145" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Stored XSS vulnerability on new item page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21611" }, { "category": "external", "summary": "RHBZ#1925145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21611", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21611" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611" } ], "release_date": "2021-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Stored XSS vulnerability on new item page" }, { "cve": "CVE-2021-21615", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921322" } ], "notes": [ { "category": "description", "text": "Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Filesystem traversal by privileged users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21615" }, { "category": "external", "summary": "RHBZ#1921322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21615", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197", "url": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197" } ], "release_date": "2021-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-03T04:19:25+00:00", "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src", "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch", "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src", "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src", "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src", "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x", "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src", "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src", "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64", "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src", "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x", "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src", "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x", "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Filesystem traversal by privileged users" } ] }
wid-sec-w-2024-0794
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Dell ECS ist ein Objektspeichersystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0794 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json" }, { "category": "self", "summary": "WID-SEC-2024-0794 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04", "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=" } ], "source_lang": "en-US", "title": "Dell ECS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-27T23:00:00.000+00:00", "generator": { "date": "2024-11-28T11:39:04.623+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-0794", "initial_release_date": "2024-04-04T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-04T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-11-27T23:00:00.000+00:00", "number": "2", "summary": "Produktzuordnung \u00fcberpr\u00fcft" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c3.8.1.0", "product": { "name": "Dell ECS \u003c3.8.1.0", "product_id": "T033919" } }, { "category": "product_version", "name": "3.8.1.0", "product": { "name": "Dell ECS 3.8.1.0", "product_id": "T033919-fixed", "product_identification_helper": { "cpe": "cpe:/h:dell:ecs:3.8.1.0" } } } ], "category": "product_name", "name": "ECS" } ], "category": "vendor", "name": "Dell" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-18074", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2018-18074" }, { "cve": "CVE-2020-10663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-10663" }, { "cve": "CVE-2020-10672", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-10672" }, { "cve": "CVE-2020-10673", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-10673" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-10968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-10968" }, { "cve": "CVE-2020-10969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-10969" }, { "cve": "CVE-2020-11111", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11111" }, { "cve": "CVE-2020-11112", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11112" }, { "cve": "CVE-2020-11113", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11113" }, { "cve": "CVE-2020-11612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11612" }, { "cve": "CVE-2020-11619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11619" }, { "cve": "CVE-2020-11620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11620" }, { "cve": "CVE-2020-11979", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-11979" }, { "cve": "CVE-2020-12762", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-12762" }, { "cve": "CVE-2020-12825", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-12825" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-13956" }, { "cve": "CVE-2020-14060", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-14060" }, { "cve": "CVE-2020-14061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-14061" }, { "cve": "CVE-2020-14062", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-14062" }, { "cve": "CVE-2020-14195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-14195" }, { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-15250" }, { "cve": "CVE-2020-1945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-1945" }, { "cve": "CVE-2020-1967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-1967" }, { "cve": "CVE-2020-1971", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-1971" }, { "cve": "CVE-2020-24616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-24616" }, { "cve": "CVE-2020-24750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-24750" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-25658", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-25658" }, { "cve": "CVE-2020-26116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-26116" }, { "cve": "CVE-2020-26137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-26137" }, { "cve": "CVE-2020-26541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-26541" }, { "cve": "CVE-2020-27216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-27216" }, { "cve": "CVE-2020-27218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-27218" }, { "cve": "CVE-2020-27223", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-27223" }, { "cve": "CVE-2020-28366", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-28366" }, { "cve": "CVE-2020-28493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-28493" }, { "cve": "CVE-2020-29509", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-29509" }, { "cve": "CVE-2020-29511", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-29511" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-29651", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-29651" }, { "cve": "CVE-2020-35490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-35490" }, { "cve": "CVE-2020-35491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-35491" }, { "cve": "CVE-2020-35728", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-35728" }, { "cve": "CVE-2020-36179", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36179" }, { "cve": "CVE-2020-36180", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36180" }, { "cve": "CVE-2020-36181", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36181" }, { "cve": "CVE-2020-36182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36182" }, { "cve": "CVE-2020-36183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36183" }, { "cve": "CVE-2020-36184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36184" }, { "cve": "CVE-2020-36185", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36185" }, { "cve": "CVE-2020-36186", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36186" }, { "cve": "CVE-2020-36187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36187" }, { "cve": "CVE-2020-36188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36188" }, { "cve": "CVE-2020-36189", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36189" }, { "cve": "CVE-2020-36516", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36516" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-36557", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36557" }, { "cve": "CVE-2020-36558", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36558" }, { "cve": "CVE-2020-36691", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-36691" }, { "cve": "CVE-2020-7238", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-7238" }, { "cve": "CVE-2020-8840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-8840" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-8911", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-8911" }, { "cve": "CVE-2020-8912", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-8912" }, { "cve": "CVE-2020-9488", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-9488" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-9546", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-9546" }, { "cve": "CVE-2020-9547", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-9547" }, { "cve": "CVE-2020-9548", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2020-9548" }, { "cve": "CVE-2021-20190", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-20190" }, { "cve": "CVE-2021-20323", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-20323" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-21295", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-21295" }, { "cve": "CVE-2021-21409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-21409" }, { "cve": "CVE-2021-23840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-23840" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-2471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-2471" }, { "cve": "CVE-2021-25642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-25642" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-28153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-28153" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-28165" }, { "cve": "CVE-2021-28169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-28169" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-30560", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-30560" }, { "cve": "CVE-2021-3114", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3114" }, { "cve": "CVE-2021-33036", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33036" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3424" }, { "cve": "CVE-2021-34428", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-34428" }, { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3450" }, { "cve": "CVE-2021-3530", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3530" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-36373" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3648", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3648" }, { "cve": "CVE-2021-36690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-36690" }, { "cve": "CVE-2021-3711", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3711" }, { "cve": "CVE-2021-3712", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3712" }, { "cve": "CVE-2021-37136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-37136" }, { "cve": "CVE-2021-37137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-37137" }, { "cve": "CVE-2021-37404", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-37404" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-3754", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3754" }, { "cve": "CVE-2021-3778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3778" }, { "cve": "CVE-2021-3796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3796" }, { "cve": "CVE-2021-3826", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3826" }, { "cve": "CVE-2021-3827", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3827" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-3872", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3872" }, { "cve": "CVE-2021-3875", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3875" }, { "cve": "CVE-2021-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3903" }, { "cve": "CVE-2021-3923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3923" }, { "cve": "CVE-2021-3927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3927" }, { "cve": "CVE-2021-3928", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3928" }, { "cve": "CVE-2021-3968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3968" }, { "cve": "CVE-2021-3973", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3973" }, { "cve": "CVE-2021-3974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3974" }, { "cve": "CVE-2021-3984", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-3984" }, { "cve": "CVE-2021-4019", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4019" }, { "cve": "CVE-2021-4037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4037" }, { "cve": "CVE-2021-4069", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4069" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-4157", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4157" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4203", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-4203" }, { "cve": "CVE-2021-42567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-42567" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44878", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-44878" }, { "cve": "CVE-2021-45078", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-45078" }, { "cve": "CVE-2021-46195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-46195" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0128" }, { "cve": "CVE-2022-0213", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0213" }, { "cve": "CVE-2022-0225", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0225" }, { "cve": "CVE-2022-0261", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0261" }, { "cve": "CVE-2022-0318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0318" }, { "cve": "CVE-2022-0319", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0319" }, { "cve": "CVE-2022-0351", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0351" }, { "cve": "CVE-2022-0359", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0359" }, { "cve": "CVE-2022-0361", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0361" }, { "cve": "CVE-2022-0392", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0392" }, { "cve": "CVE-2022-0407", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0407" }, { "cve": "CVE-2022-0413", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0413" }, { "cve": "CVE-2022-0561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0561" }, { "cve": "CVE-2022-0696", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0696" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-1184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1184" }, { "cve": "CVE-2022-1245", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1245" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1381", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1381" }, { "cve": "CVE-2022-1420", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1420" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-1466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1466" }, { "cve": "CVE-2022-1471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1471" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-1616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1616" }, { "cve": "CVE-2022-1619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1619" }, { "cve": "CVE-2022-1620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1620" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1720", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1720" }, { "cve": "CVE-2022-1729", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1729" }, { "cve": "CVE-2022-1733", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1733" }, { "cve": "CVE-2022-1735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1735" }, { "cve": "CVE-2022-1771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1771" }, { "cve": "CVE-2022-1785", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1785" }, { "cve": "CVE-2022-1796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1796" }, { "cve": "CVE-2022-1851", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1851" }, { "cve": "CVE-2022-1897", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1897" }, { "cve": "CVE-2022-1898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1898" }, { "cve": "CVE-2022-1927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1927" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1968" }, { "cve": "CVE-2022-1974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1974" }, { "cve": "CVE-2022-1975", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-1975" }, { "cve": "CVE-2022-20132", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20132" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-20154", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20154" }, { "cve": "CVE-2022-20166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20166" }, { "cve": "CVE-2022-20368", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20368" }, { "cve": "CVE-2022-20369", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20369" }, { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2047" }, { "cve": "CVE-2022-2048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2048" }, { "cve": "CVE-2022-20567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-20567" }, { "cve": "CVE-2022-2068", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2068" }, { "cve": "CVE-2022-2097", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2097" }, { "cve": "CVE-2022-21216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21216" }, { "cve": "CVE-2022-21233", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21233" }, { "cve": "CVE-2022-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2124" }, { "cve": "CVE-2022-2125", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2125" }, { "cve": "CVE-2022-2126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2126" }, { "cve": "CVE-2022-2129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2129" }, { "cve": "CVE-2022-21363", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21363" }, { "cve": "CVE-2022-21385", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21385" }, { "cve": "CVE-2022-21499", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21499" }, { "cve": "CVE-2022-2153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2153" }, { "cve": "CVE-2022-21540", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21540" }, { "cve": "CVE-2022-21541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21541" }, { "cve": "CVE-2022-21549", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21549" }, { "cve": "CVE-2022-21618", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21618" }, { "cve": "CVE-2022-21619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21619" }, { "cve": "CVE-2022-21624", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21624" }, { "cve": "CVE-2022-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21626" }, { "cve": "CVE-2022-21628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21628" }, { "cve": "CVE-2022-21702", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-21702" }, { "cve": "CVE-2022-2175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2175" }, { "cve": "CVE-2022-2182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2182" }, { "cve": "CVE-2022-2183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2183" }, { "cve": "CVE-2022-2206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2206" }, { "cve": "CVE-2022-2207", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2207" }, { "cve": "CVE-2022-2208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2208" }, { "cve": "CVE-2022-2210", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2210" }, { "cve": "CVE-2022-2231", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2231" }, { "cve": "CVE-2022-2256", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2256" }, { "cve": "CVE-2022-2257", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2257" }, { "cve": "CVE-2022-2264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2264" }, { "cve": "CVE-2022-2284", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2284" }, { "cve": "CVE-2022-2285", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2285" }, { "cve": "CVE-2022-2286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2286" }, { "cve": "CVE-2022-2287", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2287" }, { "cve": "CVE-2022-22976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-22976" }, { "cve": "CVE-2022-22978", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-22978" }, { "cve": "CVE-2022-2304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2304" }, { "cve": "CVE-2022-2318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2318" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-2343", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2343" }, { "cve": "CVE-2022-2344", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2344" }, { "cve": "CVE-2022-2345", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2345" }, { "cve": "CVE-2022-23471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23471" }, { "cve": "CVE-2022-23521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23521" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-24302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-24302" }, { "cve": "CVE-2022-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-24329" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2503" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-25168", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-25168" }, { "cve": "CVE-2022-2519", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2519" }, { "cve": "CVE-2022-2520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2520" }, { "cve": "CVE-2022-2521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2521" }, { "cve": "CVE-2022-2522", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2522" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-2571", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2571" }, { "cve": "CVE-2022-2580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2580" }, { "cve": "CVE-2022-2581", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2581" }, { "cve": "CVE-2022-25857", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-25857" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-2598", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2598" }, { "cve": "CVE-2022-26148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-26148" }, { "cve": "CVE-2022-26365", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-26365" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2639", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2639" }, { "cve": "CVE-2022-26612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-26612" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27943", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-27943" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-2816", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2816" }, { "cve": "CVE-2022-2817", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2817" }, { "cve": "CVE-2022-2819", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2819" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2845", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2845" }, { "cve": "CVE-2022-2849", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2849" }, { "cve": "CVE-2022-2862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2862" }, { "cve": "CVE-2022-2867", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2867" }, { "cve": "CVE-2022-2868", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2868" }, { "cve": "CVE-2022-2869", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2869" }, { "cve": "CVE-2022-28693", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-28693" }, { "cve": "CVE-2022-2874", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2874" }, { "cve": "CVE-2022-28748", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-28748" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2889" }, { "cve": "CVE-2022-29162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-29162" }, { "cve": "CVE-2022-29187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-29187" }, { "cve": "CVE-2022-2923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2923" }, { "cve": "CVE-2022-2946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2946" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29583", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-29583" }, { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2977", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2977" }, { "cve": "CVE-2022-2980", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2980" }, { "cve": "CVE-2022-2982", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2982" }, { "cve": "CVE-2022-29900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-29900" }, { "cve": "CVE-2022-29901", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-29901" }, { "cve": "CVE-2022-2991", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-2991" }, { "cve": "CVE-2022-3016", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3016" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3028" }, { "cve": "CVE-2022-3037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3037" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-3099", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3099" }, { "cve": "CVE-2022-31030", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-31030" }, { "cve": "CVE-2022-31159", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-31159" }, { "cve": "CVE-2022-3134", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3134" }, { "cve": "CVE-2022-3153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3153" }, { "cve": "CVE-2022-3169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3169" }, { "cve": "CVE-2022-31690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-31690" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-3234", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3234" }, { "cve": "CVE-2022-3235", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3235" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-3278", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3278" }, { "cve": "CVE-2022-3296", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3296" }, { "cve": "CVE-2022-3297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3297" }, { "cve": "CVE-2022-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-33196" }, { "cve": "CVE-2022-3324", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3324" }, { "cve": "CVE-2022-3352", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3352" }, { "cve": "CVE-2022-33740", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-33740" }, { "cve": "CVE-2022-33741", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-33741" }, { "cve": "CVE-2022-33742", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-33742" }, { "cve": "CVE-2022-33972", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-33972" }, { "cve": "CVE-2022-33981", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-33981" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3424" }, { "cve": "CVE-2022-34266", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-34266" }, { "cve": "CVE-2022-34526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-34526" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3491" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3520" }, { "cve": "CVE-2022-3521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3521" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3542", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3542" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3565", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3565" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-3586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3586" }, { "cve": "CVE-2022-3591", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3591" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3597" }, { "cve": "CVE-2022-3599", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3599" }, { "cve": "CVE-2022-36109", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-36109" }, { "cve": "CVE-2022-3621", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3621" }, { "cve": "CVE-2022-3626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3626" }, { "cve": "CVE-2022-3627", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3627" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-36280", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-36280" }, { "cve": "CVE-2022-3629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3629" }, { "cve": "CVE-2022-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3635" }, { "cve": "CVE-2022-3643", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3643" }, { "cve": "CVE-2022-36437", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-36437" }, { "cve": "CVE-2022-3646", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3646" }, { "cve": "CVE-2022-3649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3649" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-36879", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-36879" }, { "cve": "CVE-2022-36946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-36946" }, { "cve": "CVE-2022-3705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3705" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-37865", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-37865" }, { "cve": "CVE-2022-37866", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-37866" }, { "cve": "CVE-2022-38090", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38090" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-38126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38126" }, { "cve": "CVE-2022-38127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38127" }, { "cve": "CVE-2022-38177", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38177" }, { "cve": "CVE-2022-38178", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38178" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38533" }, { "cve": "CVE-2022-38749", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38749" }, { "cve": "CVE-2022-38750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38750" }, { "cve": "CVE-2022-38751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38751" }, { "cve": "CVE-2022-38752", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-38752" }, { "cve": "CVE-2022-39028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-39028" }, { "cve": "CVE-2022-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3903" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-39399", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-39399" }, { "cve": "CVE-2022-3970", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-3970" }, { "cve": "CVE-2022-40149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40149" }, { "cve": "CVE-2022-40150", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40150" }, { "cve": "CVE-2022-40151", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40151" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40153" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40307" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-40768", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40768" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-4095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4095" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-4141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4141" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41721", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41721" }, { "cve": "CVE-2022-41848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41848" }, { "cve": "CVE-2022-41850", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41850" }, { "cve": "CVE-2022-41854", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41854" }, { "cve": "CVE-2022-41858", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41858" }, { "cve": "CVE-2022-41881", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41881" }, { "cve": "CVE-2022-41903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41903" }, { "cve": "CVE-2022-41915", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41915" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42328" }, { "cve": "CVE-2022-42329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42329" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-4292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4292" }, { "cve": "CVE-2022-4293", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4293" }, { "cve": "CVE-2022-42969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-42969" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-43995", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-43995" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45884", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45884" }, { "cve": "CVE-2022-45885", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45885" }, { "cve": "CVE-2022-45886", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45886" }, { "cve": "CVE-2022-45887", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45887" }, { "cve": "CVE-2022-45919", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45919" }, { "cve": "CVE-2022-45934", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45934" }, { "cve": "CVE-2022-45939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-45939" }, { "cve": "CVE-2022-4662", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-4662" }, { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-46751" }, { "cve": "CVE-2022-46908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-46908" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-48281", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-48281" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0045", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0045" }, { "cve": "CVE-2023-0049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0049" }, { "cve": "CVE-2023-0051", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0051" }, { "cve": "CVE-2023-0054", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0054" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0288", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0288" }, { "cve": "CVE-2023-0433", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0433" }, { "cve": "CVE-2023-0464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0464" }, { "cve": "CVE-2023-0465", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0465" }, { "cve": "CVE-2023-0466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0466" }, { "cve": "CVE-2023-0512", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0512" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0597" }, { "cve": "CVE-2023-0833", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-0833" }, { "cve": "CVE-2023-1076", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1076" }, { "cve": "CVE-2023-1095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1095" }, { "cve": "CVE-2023-1118", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1118" }, { "cve": "CVE-2023-1127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1127" }, { "cve": "CVE-2023-1170", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1170" }, { "cve": "CVE-2023-1175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1175" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-1380", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1380" }, { "cve": "CVE-2023-1390", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1390" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1513" }, { "cve": "CVE-2023-1611", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1611" }, { "cve": "CVE-2023-1670", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1670" }, { "cve": "CVE-2023-1855", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1855" }, { "cve": "CVE-2023-1989", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1989" }, { "cve": "CVE-2023-1990", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1990" }, { "cve": "CVE-2023-1998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-1998" }, { "cve": "CVE-2023-20862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-20862" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-2162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2162" }, { "cve": "CVE-2023-2176", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2176" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-21835", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21835" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-22490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-22490" }, { "cve": "CVE-2023-2253", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2253" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-23559", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-23559" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-23946" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-24532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-24532" }, { "cve": "CVE-2023-24534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-24534" }, { "cve": "CVE-2023-2483", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2483" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-2513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2513" }, { "cve": "CVE-2023-25193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-25193" }, { "cve": "CVE-2023-25652", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-25652" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-25809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-25809" }, { "cve": "CVE-2023-25815", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-25815" }, { "cve": "CVE-2023-26048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-26048" }, { "cve": "CVE-2023-26049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-26049" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-26545" }, { "cve": "CVE-2023-26604", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-26604" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-27561" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-28320", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28320" }, { "cve": "CVE-2023-28321", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28321" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28328" }, { "cve": "CVE-2023-28464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28464" }, { "cve": "CVE-2023-28486", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28486" }, { "cve": "CVE-2023-28487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28487" }, { "cve": "CVE-2023-28642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28642" }, { "cve": "CVE-2023-28772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28772" }, { "cve": "CVE-2023-28840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28840" }, { "cve": "CVE-2023-28841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28841" }, { "cve": "CVE-2023-28842", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-28842" }, { "cve": "CVE-2023-29007", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-29007" }, { "cve": "CVE-2023-29383", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-29383" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29406", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-29406" }, { "cve": "CVE-2023-29409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-29409" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-30630" }, { "cve": "CVE-2023-30772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-30772" }, { "cve": "CVE-2023-31084", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-31084" }, { "cve": "CVE-2023-3138", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-3138" }, { "cve": "CVE-2023-31436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-31436" }, { "cve": "CVE-2023-31484", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-31484" }, { "cve": "CVE-2023-32269", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-32269" }, { "cve": "CVE-2023-32697", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-32697" }, { "cve": "CVE-2023-33264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-33264" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-34035", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-34035" }, { "cve": "CVE-2023-34453", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-34453" }, { "cve": "CVE-2023-34454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-34454" }, { "cve": "CVE-2023-34455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-34455" }, { "cve": "CVE-2023-34462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-34462" }, { "cve": "CVE-2023-35116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-35116" }, { "cve": "CVE-2023-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-3635" }, { "cve": "CVE-2023-36479", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-36479" }, { "cve": "CVE-2023-39533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-39533" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-40217" }, { "cve": "CVE-2023-41105", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-41105" }, { "cve": "CVE-2023-41900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-41900" }, { "cve": "CVE-2023-43642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-43642" }, { "cve": "CVE-2023-43804", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-43804" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45803", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2023-45803" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033919" ] }, "release_date": "2024-04-04T22:00:00.000+00:00", "title": "CVE-2024-21626" } ] }
wid-sec-w-2023-0119
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0119 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0119.json" }, { "category": "self", "summary": "WID-SEC-2023-0119 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0119" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Utilities Applications vom 2023-01-17", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixUTIL" } ], "source_lang": "en-US", "title": "Oracle Utilities Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-01-17T23:00:00.000+00:00", "generator": { "date": "2024-08-15T17:41:42.652+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-0119", "initial_release_date": "2023-01-17T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Utilities Applications 4.4.0.3.0", "product": { "name": "Oracle Utilities Applications 4.4.0.3.0", "product_id": "T025917", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:4.4.0.3.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 4.5.0.0.0", "product": { "name": "Oracle Utilities Applications 4.5.0.0.0", "product_id": "T025918", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:4.5.0.0.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 2.3.0.2", "product": { "name": "Oracle Utilities Applications 2.3.0.2", "product_id": "T025919", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:2.3.0.2" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 2.4.0.1", "product": { "name": "Oracle Utilities Applications 2.4.0.1", "product_id": "T025920", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:2.4.0.1" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 2.5.0.0", "product": { "name": "Oracle Utilities Applications 2.5.0.0", "product_id": "T025921", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:2.5.0.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 2.5.0.1", "product": { "name": "Oracle Utilities Applications 2.5.0.1", "product_id": "T025922", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:2.5.0.1" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 2.5.0.2", "product": { "name": "Oracle Utilities Applications 2.5.0.2", "product_id": "T025923", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:2.5.0.2" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 4.3.0.5.0", "product": { "name": "Oracle Utilities Applications 4.3.0.5.0", "product_id": "T025924", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:4.3.0.5.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 4.3.0.6.0", "product": { "name": "Oracle Utilities Applications 4.3.0.6.0", "product_id": "T025925", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:4.3.0.6.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 4.4.0.0.0", "product": { "name": "Oracle Utilities Applications 4.4.0.0.0", "product_id": "T025926", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:4.4.0.0.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications 4.4.0.2.0", "product": { "name": "Oracle Utilities Applications 4.4.0.2.0", "product_id": "T025927", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:4.4.0.2.0" } } }, { "category": "product_name", "name": "Oracle Utilities Applications \u003c= 2.5.0.2", "product": { "name": "Oracle Utilities Applications \u003c= 2.5.0.2", "product_id": "T025928", "product_identification_helper": { "cpe": "cpe:/a:oracle:utilities:2.5.0.2" } } } ], "category": "product_name", "name": "Utilities Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2022-42003" }, { "cve": "CVE-2021-45105", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2021-45105" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2021-29425" }, { "cve": "CVE-2020-11979", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2020-11979" }, { "cve": "CVE-2020-10683", "notes": [ { "category": "description", "text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025925", "T025924", "T025927", "T025926", "T025921", "T025920", "T025923", "T025922", "T025918", "T025917", "T025919" ], "last_affected": [ "T025928" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2020-10683" } ] }
var-202010-1567
Vulnerability from variot
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. Linux Security Advisory GLSA 202011-18
https://security.gentoo.org/
Severity: Normal Title: Apache Ant: Insecure temporary file Date: November 16, 2020 Bugs: #745768 ID: 202011-18
Synopsis
Apache Ant uses various insecure temporary files possibly allowing local code execution.
Background
Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/ant < 1.10.9 >= 1.10.9
Description
A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Apache Ant users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/ant-1.10.9"
References
[ 1 ] CVE-2020-11979 https://nvd.nist.gov/vuln/detail/CVE-2020-11979 [ 2 ] GLSA-202007-34 https://security.gentoo.org/glsa/202007-34
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202011-18
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1903702 - CVE-2020-11979 ant: insecure temporary file 1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users 1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels 1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix 1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names 1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page 1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview 1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service 1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors 1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints 1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar 1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers 1925674 - Placeholder bug for OCP 4.6.0 rpm release
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update Advisory ID: RHSA-2021:0637-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637 Issue date: 2021-03-03 CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
-
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
-
ant: Insecure temporary file vulnerability (CVE-2020-1945)
-
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
-
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
-
ant: Insecure temporary file (CVE-2020-11979)
-
python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:0638
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update fixes the following bugs among others:
-
Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)
-
Previously, the
openshift_named_certificates
role checked the contents of theca-bundle.crt
file during cluster installation. This caused the check to fail during initial installation because theca-bundle.crt
file is not yet created in that scenario. This bug fix allows the cluster to skip checking theca-bundle.crt
file if it does not exist, resulting in initial installations succeeding. (BZ#1920567) -
Previously, if the
openshift_release
attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by thecluster_facts.yml
file being gathered before theopenshift_release
attribute was defined by the upgrade playbook. Now thecluster_facts.yml
file is gathered after theopenshift_version
role runs and theopenshift_release
attribute is set, allowing for successful node upgrades. (BZ#1921353)
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
- Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1849003 - fact dicts returned are of type string rather than dict 1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components 1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size 1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs 1903699 - Prometheus consumes all available memory 1903702 - CVE-2020-11979 ant: insecure temporary file 1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router 1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process 1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified 1924614 - Provide jenkins agent image for maven36 1924811 - Provide jenkins agent image for maven36 1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface 1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses
- Package List:
Red Hat OpenShift Container Platform 3.11:
Source: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm haproxy-1.8.28-1.el7.src.rpm jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm jenkins-2.263.3.1612433584-1.el7.src.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm python-rsa-4.5-3.el7.src.rpm
noarch: atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm jenkins-2.263.3.1612433584-1.el7.noarch.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-rsa-4.5-3.el7.noarch.rpm
ppc64le: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm haproxy18-1.8.28-1.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm
x86_64: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm haproxy18-1.8.28-1.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-2306 https://access.redhat.com/security/cve/CVE-2020-2307 https://access.redhat.com/security/cve/CVE-2020-2308 https://access.redhat.com/security/cve/CVE-2020-2309 https://access.redhat.com/security/cve/CVE-2020-11979 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z Ru/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93 T5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT g5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv d/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL j5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N qCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD 7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es 4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/ Nk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v wA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2 +rElYOcZkO0=9NLN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "_id": null, "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "_id": null, "model": "retail regular price optimization", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "_id": null, "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "_id": null, "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "_id": null, "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "_id": null, "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "_id": null, "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.2.0" }, { "_id": null, "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "_id": null, "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "_id": null, "model": "retail item planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "agile engineering data management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1.0" }, { "_id": null, "model": "endeca information discovery studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0.0" }, { "_id": null, "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "_id": null, "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "_id": null, "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "_id": null, "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "_id": null, "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.0" }, { "_id": null, "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.9" }, { "_id": null, "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "_id": null, "model": "gradle", "scope": "lt", "trust": 1.0, "vendor": "gradle", "version": "6.8.0" }, { "_id": null, "model": "storagetek acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.5.1" }, { "_id": null, "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "_id": null, "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.9" }, { "_id": null, "model": "retail merchandise financial planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "_id": null, "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "_id": null, "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "_id": null, "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "_id": null, "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "_id": null, "model": "real-time decision server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "_id": null, "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "_id": null, "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "_id": null, "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "_id": null, "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.0" }, { "_id": null, "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.8.0" }, { "_id": null, "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "_id": null, "model": "retail replenishment optimization", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "_id": null, "model": "timesten in-memory database", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.2.8.27" }, { "_id": null, "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "_id": null, "model": "ant", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.10.8" }, { "_id": null, "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.4" }, { "_id": null, "model": "enterprise repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.7.0" }, { "_id": null, "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "_id": null, "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "_id": null, "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "_id": null, "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "_id": null, "model": "retail advanced inventory planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "_id": null, "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "_id": null, "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.1" }, { "_id": null, "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "_id": null, "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "_id": null, "model": "retail macro space optimization", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.4" }, { "_id": null, "model": "retail category management planning \\\u0026 optimization", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "api gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.0" }, { "_id": null, "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.9" }, { "_id": null, "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "_id": null, "model": "retail size profile optimization", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "_id": null, "model": "storagetek tape analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4" }, { "_id": null, "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "_id": null, "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "_id": null, "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "_id": null, "model": "real-time decision server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0.0" }, { "_id": null, "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "_id": null, "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "_id": null, "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "_id": null, "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.2.11" }, { "_id": null, "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "_id": null, "model": "ant", "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "_id": null, "model": "gradle", "scope": null, "trust": 0.8, "vendor": "gradle", "version": null }, { "_id": null, "model": "oracle banking platform", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "oracle enterprise repository", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "oracle financial services analytical applications infrastructure", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "primavera gateway", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "primavera unifier", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "oracle retail financial integration", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "oracle retail integration bus", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "oracle retail service backbone", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "oracle retail store inventory management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "_id": null, "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "NVD", "id": "CVE-2020-11979" } ] }, "credits": { "_id": null, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "161644" }, { "db": "PACKETSTORM", "id": "161454" }, { "db": "PACKETSTORM", "id": "161647" }, { "db": "CNNVD", "id": "CNNVD-202010-015" } ], "trust": 0.9 }, "cve": "CVE-2020-11979", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-11979", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-164611", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-11979", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-11979", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-11979", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-11979", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202010-015", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164611", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11979", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-164611" }, { "db": "VULMON", "id": "CVE-2020-11979" }, { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202010-015" }, { "db": "NVD", "id": "CVE-2020-11979" } ] }, "description": { "_id": null, "data": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. \n Linux Security Advisory GLSA 202011-18\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Ant: Insecure temporary file\n Date: November 16, 2020\n Bugs: #745768\n ID: 202011-18\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Ant uses various insecure temporary files possibly allowing\nlocal code execution. \n\nBackground\n==========\n\nAnt is a Java-based build tool similar to \u2018make\u2019 that uses XML\nconfiguration files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/ant \u003c 1.10.9 \u003e= 1.10.9 \n\nDescription\n===========\n\nA previous fix for a security vulnerability involving insecure\ntemporary files has been found to be incomplete. \n\nImpact\n======\n\nA local attacker could perform symlink attacks to overwrite arbitrary\nfiles with the privileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Ant users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/ant-1.10.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11979\n https://nvd.nist.gov/vuln/detail/CVE-2020-11979\n[ 2 ] GLSA-202007-34\n https://security.gentoo.org/glsa/202007-34\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202011-18\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users\n1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels\n1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix\n1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names\n1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page\n1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview\n1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service\n1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors\n1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints\n1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar\n1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers\n1925674 - Placeholder bug for OCP 4.6.0 rpm release\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update\nAdvisory ID: RHSA-2021:0637-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0637\nIssue date: 2021-03-03\nCVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305\n CVE-2020-2306 CVE-2020-2307 CVE-2020-2308\n CVE-2020-2309 CVE-2020-11979 CVE-2020-25658\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint\ncould result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables\nare accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nPlugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nplug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption\n(CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined\ncluster size for ops clusters. This was causing come clusters to never\ncomplete their restart. This bug fix passes the logging ops cluster size,\nallowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents\nof the `ca-bundle.crt` file during cluster installation. This caused the\ncheck to fail during initial installation because the `ca-bundle.crt` file\nis not yet created in that scenario. This bug fix allows the cluster to\nskip checking the `ca-bundle.crt` file if it does not exist, resulting in\ninitial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the\nAnsible inventory file, the nodes of the cluster would fail during an\nupgrade. This was caused by the `cluster_facts.yml` file being gathered\nbefore the `openshift_release` attribute was defined by the upgrade\nplaybook. Now the `cluster_facts.yml` file is gathered after the\n`openshift_version` role runs and the `openshift_release` attribute is set,\nallowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1849003 - fact dicts returned are of type string rather than dict\n1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components\n1879407 - The restart-cluster playbook doesn\u0027t take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size\n1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption\n1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure\n1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs\n1903699 - Prometheus consumes all available memory\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router\n1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process\n1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified\n1924614 - Provide jenkins agent image for maven36\n1924811 - Provide jenkins agent image for maven36\n1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface\n1929216 - KeyError: \u0027addresses\u0027 in kuryr-controller when Endpoints\u0027 slice only lists notReadyAddresses\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 3.11:\n\nSource:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm\ngolang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm\ngolang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm\ngolang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm\nhaproxy-1.8.28-1.el7.src.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.src.rpm\njenkins-2.263.3.1612433584-1.el7.src.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm\nopenshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm\npython-rsa-4.5-3.el7.src.rpm\n\nnoarch:\natomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\natomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm\njenkins-2.263.3.1612433584-1.el7.noarch.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-rsa-4.5-3.el7.noarch.rpm\n\nppc64le:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm\nhaproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm\nhaproxy18-1.8.28-1.el7.ppc64le.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm\n\nx86_64:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm\nhaproxy-debuginfo-1.8.28-1.el7.x86_64.rpm\nhaproxy18-1.8.28-1.el7.x86_64.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1945\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-2306\nhttps://access.redhat.com/security/cve/CVE-2020-2307\nhttps://access.redhat.com/security/cve/CVE-2020-2308\nhttps://access.redhat.com/security/cve/CVE-2020-2309\nhttps://access.redhat.com/security/cve/CVE-2020-11979\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z\nRu/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93\nT5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT\ng5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv\nd/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL\nj5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N\nqCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD\n7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es\n4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/\nNk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v\nwA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2\n+rElYOcZkO0=9NLN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-11979" }, { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-164611" }, { "db": "VULMON", "id": "CVE-2020-11979" }, { "db": "PACKETSTORM", "id": "160093" }, { "db": "PACKETSTORM", "id": "161644" }, { "db": "PACKETSTORM", "id": "161454" }, { "db": "PACKETSTORM", "id": "161647" } ], "trust": 2.7 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-11979", "trust": 3.0 }, { "db": "PACKETSTORM", "id": "160093", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161644", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161454", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-012067", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042112", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042640", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072823", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042536", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042536", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012312", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042319", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072778", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6025", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0771", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0599", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0315", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.1653", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202010-015", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "161647", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-57125", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-164611", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11979", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164611" }, { "db": "VULMON", "id": "CVE-2020-11979" }, { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "PACKETSTORM", "id": "160093" }, { "db": "PACKETSTORM", "id": "161644" }, { "db": "PACKETSTORM", "id": "161454" }, { "db": "PACKETSTORM", "id": "161647" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202010-015" }, { "db": "NVD", "id": "CVE-2020-11979" } ] }, "id": "VAR-202010-1567", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-164611" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:35:47.808000Z", "patch": { "_id": null, "data": [ { "title": "Apache\u00a0Ant\u00a0insecure\u00a0temporary\u00a0file\u00a0vulnerability Oracle Oracle\u00a0Critical\u00a0Patch\u00a0Update", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "title": "Apache Ant Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=130249" }, { "title": "Debian CVElist Bug Report Logs: ant: CVE-2020-11979", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2a449f8fc892d50c69e07a3668964924" }, { "title": "IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Spectrum Symphony", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dd0d4ffb8383347639c4ccc74310f32" }, { "title": "Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-5" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-11979 log" }, { "title": "Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210423 - Security Advisory" }, { "title": "IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=141b2e54160a76a0f41beef4db28270e" }, { "title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0bf006d622ea4a9435b282864e760566" }, { "title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11979" }, { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "CNNVD", "id": "CNNVD-202010-015" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-379", "trust": 1.0 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "Other (CWE-Other) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-74", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164611" }, { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "NVD", "id": "CVE-2020-11979" } ] }, "references": { "_id": null, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/202011-18" }, { "trust": 1.8, "url": "https://github.com/gradle/gradle/security/advisories/ghsa-j45w-qrgf-25vm" }, { "trust": 1.8, "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e" }, { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11979" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-spectrum-symphony/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0315/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0599" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042536" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160093/gentoo-linux-security-advisory-202011-18.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072778" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042112" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-as-used-by-ibm-qradar-siem-is-vulnerable-to-insecure-temporary-files-cve-2020-11979/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012312" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-ant-information-disclosure-via-fixcrlf-task-temporary-files-permissions-33683" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1653" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042319" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042536" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-as-mitigation-for-cve-2020-1945-apache-ant-1-10-8-changed-the-permissions-of-temporary-files-it-created-so-that-only-the-current-user-was-allowed-to-access-them/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0771" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072823" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6025" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042640" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1945" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1945" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11979" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21607" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21606" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21608" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21609" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21602" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21608" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21603" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21603" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21611" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21605" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21610" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21607" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21605" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21609" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21602" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21604" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21604" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21610" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21606" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21611" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202007-34" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0429" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0428" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0423" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:0424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2308" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2306" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2306" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258." }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2308" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2307" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:0638" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2309" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2309" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0637" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2307" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25658" } ], "sources": [ { "db": "VULHUB", "id": "VHN-164611" }, { "db": "VULMON", "id": "CVE-2020-11979" }, { "db": "JVNDB", "id": "JVNDB-2020-012067" }, { "db": "PACKETSTORM", "id": "160093" }, { "db": "PACKETSTORM", "id": "161644" }, { "db": "PACKETSTORM", "id": "161454" }, { "db": "PACKETSTORM", "id": "161647" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202010-015" }, { "db": "NVD", "id": "CVE-2020-11979" } ] }, "sources": { "_id": null, "data": [ { "db": "VULHUB", "id": "VHN-164611", "ident": null }, { "db": "VULMON", "id": "CVE-2020-11979", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-012067", "ident": null }, { "db": "PACKETSTORM", "id": "160093", "ident": null }, { "db": "PACKETSTORM", "id": "161644", "ident": null }, { "db": "PACKETSTORM", "id": "161454", "ident": null }, { "db": "PACKETSTORM", "id": "161647", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202010-015", "ident": null }, { "db": "NVD", "id": "CVE-2020-11979", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-10-01T00:00:00", "db": "VULHUB", "id": "VHN-164611", "ident": null }, { "date": "2020-10-01T00:00:00", "db": "VULMON", "id": "CVE-2020-11979", "ident": null }, { "date": "2021-04-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-012067", "ident": null }, { "date": "2020-11-16T17:15:41", "db": "PACKETSTORM", "id": "160093", "ident": null }, { "date": "2021-03-03T15:53:12", "db": "PACKETSTORM", "id": "161644", "ident": null }, { "date": "2021-02-18T14:14:45", "db": "PACKETSTORM", "id": "161454", "ident": null }, { "date": "2021-03-03T15:53:58", "db": "PACKETSTORM", "id": "161647", "ident": null }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2020-10-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-015", "ident": null }, { "date": "2020-10-01T20:15:13.033000", "db": "NVD", "id": "CVE-2020-11979", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-164611", "ident": null }, { "date": "2021-04-19T00:00:00", "db": "VULMON", "id": "CVE-2020-11979", "ident": null }, { "date": "2021-04-22T08:19:00", "db": "JVNDB", "id": "JVNDB-2020-012067", "ident": null }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975", "ident": null }, { "date": "2023-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-015", "ident": null }, { "date": "2024-11-21T04:59:02.170000", "db": "NVD", "id": "CVE-2020-11979", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-015" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Apache\u00a0Ant\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012067" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202010-015" } ], "trust": 1.2 } }
ghsa-f62v-xpxf-3v68
Vulnerability from github
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.ant:ant" }, "ranges": [ { "events": [ { "introduced": "1.10.8" }, { "fixed": "1.10.9" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.10.8" ] } ], "aliases": [ "CVE-2020-11979" ], "database_specific": { "cwe_ids": [ "CWE-74", "CWE-94" ], "github_reviewed": true, "github_reviewed_at": "2021-02-03T19:14:47Z", "nvd_published_at": "2020-10-01T20:15:00Z", "severity": "HIGH" }, "details": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "id": "GHSA-f62v-xpxf-3v68", "modified": "2024-04-02T19:23:03Z", "published": "2021-02-03T19:16:35Z", "references": [ { "type": "WEB", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979" }, { "type": "WEB", "url": "https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202011-18" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "type": "PACKAGE", "url": "https://github.com/apache/ant" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Code injection in Apache Ant" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.