rhsa-2022_4814
Vulnerability from csaf_redhat
Published
2022-05-31 09:48
Modified
2024-12-17 21:57
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

Notes

Topic
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es):

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.6.5 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:4814",
        "url": "https://access.redhat.com/errata/RHSA-2022:4814"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2006044",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006044"
      },
      {
        "category": "external",
        "summary": "2007557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
      },
      {
        "category": "external",
        "summary": "2057579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057579"
      },
      {
        "category": "external",
        "summary": "2072311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072311"
      },
      {
        "category": "external",
        "summary": "2074044",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074044"
      },
      {
        "category": "external",
        "summary": "2074553",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074553"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4814.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-12-17T21:57:25+00:00",
      "generator": {
        "date": "2024-12-17T21:57:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2022:4814",
      "initial_release_date": "2022-05-31T09:48:42+00:00",
      "revision_history": [
        {
          "date": "2022-05-31T09:48:42+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-05-31T09:48:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T21:57:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.6",
                "product": {
                  "name": "8Base-RHMTC-1.6",
                  "product_id": "8Base-RHMTC-1.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.6.5-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.6.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.6.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.6.5-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.6.5-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.6.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64",
                "product": {
                  "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64",
                  "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.6.5-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64 as a component of 8Base-RHMTC-1.6",
          "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
        },
        "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2007557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships an affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator has been deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence the hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated user slowing down their own user interface.\n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2007557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        }
      ],
      "release_date": "2021-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-05-31T09:48:42+00:00",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4814"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
    },
    {
      "cve": "CVE-2021-39293",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2006044"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* In OpenShift Container Platform, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short-lived client-side tools, not long-lived server-side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Platform.\n\n* This flaw is out of support scope for Red Hat Enterprise Linux 7. For more information about Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF 1.2\u0027s smart-gateway-container and sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
          "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-39293"
        },
        {
          "category": "external",
          "summary": "RHBZ#2006044",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006044"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39293"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw",
          "url": "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw"
        }
      ],
      "release_date": "2021-08-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-05-31T09:48:42+00:00",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4814"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:eadd64a4cafcd3fc91908cd33a6d8b8ffceefa5a156d6e6ab3e009083efa492f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:81539d76dc684112b82c813f50e462886526eca4d85d72c6fa7b19e1d653f917_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:87e2617616002346c1c8bf1ca4328dc71d58f5f2b7f49eb31165a789be8b747f_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:bef6f99405b6ea016b794a11214f48abb1ed14e54fdafc8dc57a741a86a66980_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:27206cb9901c89601d7440f06797d4f3f11a058ef169df7326475be781277724_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:a98821722ebe5038776bd9f7a0cc1cd59ee5b2b6b2f64a0ba670302f38e3d1f2_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d7f77e58018abbb2f89a4d767ce3b70614bf74883c4e0238abd722d49c330a83_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:afb05f33dcb4a5f5d07581acf8bbf1fab191f7a849eb32ed754629791013c22b_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:9f7a89167eb2c7450a0fea724bf31a83cd1baccdc04a27a2a6b808b55aa30387_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:f34848547089c208a51d8f6b5296a978bd86b2f2a37a10845e255ca08259db64_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:e867d7765f464a9460fc3fe5fda406db667d158273b462ed86c2ef275618f027_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:fff289d2412da6fa9f3b519d1bbf6cf730294ecf462087a84a697be63b513962_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:cf1aabb5f8a931a9520490289a3f443d1df115a3f900e6c267af90a641124963_amd64",
            "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:bcce92e939b72d317035fe3d188825b879d68441756835c8018d1bc2f434220d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)"
    }
  ]
}

