rhea-2021_5066
Vulnerability from csaf_redhat
Published
2021-12-09 19:19
Modified
2024-11-22 17:18
Summary
Red Hat Enhancement Advisory: MTV 2.2.0 Images

Notes

Topic
Updated release packages fix several bugs and add various enhancements.
Details
Migration Toolkit for Virtualization (MTV) 2.2.0
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated release packages fix several bugs and add various enhancements.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization (MTV) 2.2.0",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHEA-2021:5066",
        "url": "https://access.redhat.com/errata/RHEA-2021:5066"
      },
      {
        "category": "external",
        "summary": "1919636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919636"
      },
      {
        "category": "external",
        "summary": "1944402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944402"
      },
      {
        "category": "external",
        "summary": "1951660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951660"
      },
      {
        "category": "external",
        "summary": "1953253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953253"
      },
      {
        "category": "external",
        "summary": "1953989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953989"
      },
      {
        "category": "external",
        "summary": "1957841",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957841"
      },
      {
        "category": "external",
        "summary": "1959229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959229"
      },
      {
        "category": "external",
        "summary": "1959377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959377"
      },
      {
        "category": "external",
        "summary": "1965030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965030"
      },
      {
        "category": "external",
        "summary": "1965328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965328"
      },
      {
        "category": "external",
        "summary": "1977260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977260"
      },
      {
        "category": "external",
        "summary": "1981074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981074"
      },
      {
        "category": "external",
        "summary": "1990596",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990596"
      },
      {
        "category": "external",
        "summary": "1990851",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990851"
      },
      {
        "category": "external",
        "summary": "1993089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993089"
      },
      {
        "category": "external",
        "summary": "1993140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993140"
      },
      {
        "category": "external",
        "summary": "1993259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993259"
      },
      {
        "category": "external",
        "summary": "1994037",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994037"
      },
      {
        "category": "external",
        "summary": "1994042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994042"
      },
      {
        "category": "external",
        "summary": "1994093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994093"
      },
      {
        "category": "external",
        "summary": "1994146",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994146"
      },
      {
        "category": "external",
        "summary": "1994467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994467"
      },
      {
        "category": "external",
        "summary": "1994479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994479"
      },
      {
        "category": "external",
        "summary": "1994978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994978"
      },
      {
        "category": "external",
        "summary": "1995075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995075"
      },
      {
        "category": "external",
        "summary": "1995197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995197"
      },
      {
        "category": "external",
        "summary": "1996360",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996360"
      },
      {
        "category": "external",
        "summary": "1996587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996587"
      },
      {
        "category": "external",
        "summary": "1999163",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999163"
      },
      {
        "category": "external",
        "summary": "2011354",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011354"
      },
      {
        "category": "external",
        "summary": "2011785",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011785"
      },
      {
        "category": "external",
        "summary": "2011805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011805"
      },
      {
        "category": "external",
        "summary": "2012130",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012130"
      },
      {
        "category": "external",
        "summary": "2012564",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012564"
      },
      {
        "category": "external",
        "summary": "2012732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012732"
      },
      {
        "category": "external",
        "summary": "2012799",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012799"
      },
      {
        "category": "external",
        "summary": "2013687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013687"
      },
      {
        "category": "external",
        "summary": "2014157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014157"
      },
      {
        "category": "external",
        "summary": "2014177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014177"
      },
      {
        "category": "external",
        "summary": "2015063",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015063"
      },
      {
        "category": "external",
        "summary": "2015813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015813"
      },
      {
        "category": "external",
        "summary": "2015816",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015816"
      },
      {
        "category": "external",
        "summary": "2015940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015940"
      },
      {
        "category": "external",
        "summary": "2016257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016257"
      },
      {
        "category": "external",
        "summary": "2016931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016931"
      },
      {
        "category": "external",
        "summary": "2017370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017370"
      },
      {
        "category": "external",
        "summary": "2017625",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017625"
      },
      {
        "category": "external",
        "summary": "2018522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018522"
      },
      {
        "category": "external",
        "summary": "2018939",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018939"
      },
      {
        "category": "external",
        "summary": "2018944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018944"
      },
      {
        "category": "external",
        "summary": "2019307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019307"
      },
      {
        "category": "external",
        "summary": "2020014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020014"
      },
      {
        "category": "external",
        "summary": "2020297",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020297"
      },
      {
        "category": "external",
        "summary": "2021622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021622"
      },
      {
        "category": "external",
        "summary": "2022651",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022651"
      },
      {
        "category": "external",
        "summary": "2023680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023680"
      },
      {
        "category": "external",
        "summary": "2024138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024138"
      },
      {
        "category": "external",
        "summary": "2024506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024506"
      },
      {
        "category": "external",
        "summary": "2024554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024554"
      },
      {
        "category": "external",
        "summary": "2025279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025279"
      },
      {
        "category": "external",
        "summary": "2025526",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025526"
      },
      {
        "category": "external",
        "summary": "2026620",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026620"
      },
      {
        "category": "external",
        "summary": "2026702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026702"
      },
      {
        "category": "external",
        "summary": "2026804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026804"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_5066.json"
      }
    ],
    "title": "Red Hat Enhancement Advisory: MTV 2.2.0 Images",
    "tracking": {
      "current_release_date": "2024-11-22T17:18:51+00:00",
      "generator": {
        "date": "2024-11-22T17:18:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHEA-2021:5066",
      "initial_release_date": "2021-12-09T19:19:24+00:00",
      "revision_history": [
        {
          "date": "2021-12-09T19:19:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-09T19:19:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T17:18:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.2",
                "product": {
                  "name": "8Base-MTV-2.2",
                  "product_id": "8Base-MTV-2.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel8\u0026tag=2.2.0-39"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.2.0-53"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.2.0-57"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.2.0-104"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.2.0-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ui-rhel8\u0026tag=2.2.0-60"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel8\u0026tag=2.2.0-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel8\u0026tag=2.2.0-18"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3749",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999784"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-axios: Regular expression denial of service in trim function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999784",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
          "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
          "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-09T19:19:24+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2021:5066"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-axios: Regular expression denial of service in trim function"
    },
    {
      "cve": "CVE-2021-41089",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2021-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2008592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host\u0027s filesystem, which might lead to permissions escalation and allow an attacker access to restricted data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moby: `docker cp` allows unexpected chmod of host file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), Migration Toolkit for Virtualization (MTV) and Red Hat Quay some components bundle github.com/moby/moby, but successful exploitation requires using a specially crafted container, therefore impact to these components is LOW.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "RHBZ#2008592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4",
          "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"
        }
      ],
      "release_date": "2021-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-09T19:19:24+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2021:5066"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "moby: `docker cp` allows unexpected chmod of host file"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.