{"containers": {"cna": {"affected": [{"product": "containerd", "vendor": "containerd", "versions": [{"status": "affected", "version": ">= 1.5.0, < 1.5.9"}]}], "descriptions": [{"lang": "en", "value": "containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-281", "description": "CWE-281: Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-15T02:06:19", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/containerd/containerd/issues/6194"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"}, {"name": "FEDORA-2022-f668c3d70d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/"}, {"name": "FEDORA-2022-a0b2a4d594", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/"}], "source": {"advisory": "GHSA-mvff-h3cj-wj9c", "discovery": "UNKNOWN"}, "title": "Improper Preservation of Permissions in containerd", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43816", "STATE": "PUBLIC", "TITLE": "Improper Preservation of Permissions in containerd"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "containerd", "version": {"version_data": [{"version_value": ">= 1.5.0, < 1.5.9"}]}}]}, "vendor_name": "containerd"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-281: Improper Preservation of Permissions"}]}]}, "references": {"reference_data": [{"name": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c", "refsource": "CONFIRM", "url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"}, {"name": "https://github.com/containerd/containerd/issues/6194", "refsource": "MISC", "url": "https://github.com/containerd/containerd/issues/6194"}, {"name": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea", "refsource": "MISC", "url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"}, {"name": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299", "refsource": "MISC", "url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"}, {"name": "FEDORA-2022-f668c3d70d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/"}, {"name": "FEDORA-2022-a0b2a4d594", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/"}]}, "source": {"advisory": "GHSA-mvff-h3cj-wj9c", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.904Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/containerd/containerd/issues/6194"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"}, {"name": "FEDORA-2022-f668c3d70d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/"}, {"name": "FEDORA-2022-a0b2a4d594", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43816", "datePublished": "2022-01-05T18:55:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", "matchCriteriaId": "43387595-2EE9-4BCB-BA40-899372BAFD60", "versionEndExcluding": "1.5.9", "versionStartIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "51312F5E-E77D-4714-A47A-EB2900F91852", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "2C477ED1-29F2-47CC-B523-331FE4052336", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2DD59A2E-2AF5-4D24-A0BD-F9A7C2064A91", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6D819271-9946-4A69-8EF7-AFF8AAA226CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F87C27FC-1AE4-45BA-BCF5-D5C2AEC3F3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "3F6FA16C-59DA-42A7-A75C-5E8FB0E83453", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "2829C988-52D0-42A6-B063-B789046DBC58", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "459C3B7F-4875-42A1-B242-A342218CEFD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6C93E100-A2D4-4781-8C36-4DBCFD704CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F43624CC-D1D3-4FF0-8D97-20E190A9A56E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible."}, {"lang": "es", "value": "containerd es un tiempo de ejecuci\u00f3n de contenedores de c\u00f3digo abierto. En las instalaciones que usan SELinux, como EL8 (CentOS, RHEL), Fedora o SUSE MicroOS, con containerd desde la versi\u00f3n v1.5.0-beta.0 como interfaz de ejecuci\u00f3n de contenedores de respaldo (CRI), un pod sin privilegios programado en el nodo puede enlazar el montaje, por medio del volumen hostPath, de cualquier archivo privilegiado y regular en el disco para un acceso completo de lectura/escritura (sans delete). Esto es conseguido al colocar la ubicaci\u00f3n dentro del contenedor del montaje del volumen hostPath en \"/etc/hosts\", \"/etc/hostname\", o \"/etc/resolv.conf\". Estas ubicaciones est\u00e1n siendo reetiquetadas indiscriminadamente para que coincidan con la etiqueta del proceso del contenedor, lo que efectivamente eleva los permisos para los contenedores inteligentes que normalmente no podr\u00edan acceder a los archivos privilegiados del host. Este problema ha sido resuelto en versi\u00f3n 1.5.9. Se recomienda a usuarios que actualicen lo antes posible."}], "id": "CVE-2021-43816", "lastModified": "2024-11-21T06:29:51.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-05T19:15:08.717", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/containerd/containerd/issues/6194"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/containerd/containerd/issues/6194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "application-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "assisted-image-service-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "clusterclaims-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-curator-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "clusterlifecycle-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-proxy-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "console-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "discovery-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grc-ui-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grc-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-addon-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "managedcluster-import-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicloud-manager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-deployable-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-placementrule-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "openshift-hive-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "placement-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "provider-credential-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "registration-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "registration-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-agent-service-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-agent-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-reporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-rclone-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-restic-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-rsync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:0735", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "work-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-03-03T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-cluster-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-governance-policy-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-prometheus-config-reloader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-prometheus-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-volsync-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "cluster-proxy-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "klusterlet-addon-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}, {"advisory": "RHSA-2022:4956", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2022-06-09T00:00:00Z"}], "bugzilla": {"description": "containerd: Unprivileged pod may bind mount any privileged regular file on disk", "id": "2044434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044434"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-281", "details": ["containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.", "An incorrect permission assignment flaw was found in containerd. This flaw allows a local attacker to use a specially designed text file to read and write files outside of the container's scope."], "name": "CVE-2021-43816", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Not affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "containerd", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicloud-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicloud-operators-subscription-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicloud-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-hub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/prometheus-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "impact": "low", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "impact": "low", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "impact": "low", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2022-01-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-43816\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43816\nhttps://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"], "statement": "Because Red Hat OpenStack Platform's director-operator does not use hostPath volumes, the RHOSP Impact has been rated Low impact and no updates will be provided at this time for its containers.\nIn Red Hat OpenShift Container Platform (OCP) the containerd package is not actually used, but because the containerd API is supported the core OCP components are listed as affected by this CVE and the impact is reduced to Low.", "threat_severity": "Important"}