CVE-2022-21698 - Vulnerability Details

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Extra Packages For Enterprise Linux Fedora
Prometheus	Client Golang
Rdo Project	Rdo
Redhat	Container Native Virtualization Enterprise Linux Logging Openshift Openshift Api Data Protection Openshift Data Foundation Openshift Devspaces Openstack Rhel Aus Rhel E4s Rhel Tus Rhosemc Serverless

Configuration 1 [-]

cpe:2.3:a:prometheus:client_golang:*:*:*:*:*:go:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::*
	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*

Configuration 4 [-]

cpe:2.3:a:rdo_project:rdo:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

Package	CPE	Advisory	Released Date
Logging subsystem for Red Hat OpenShift 5.4
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-163	cpe:/a:redhat:logging:5.4::el8	RHSA-2022:1461	2022-04-20T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.4.1-4	cpe:/a:redhat:logging:5.4::el8	RHSA-2022:2216	2022-05-11T00:00:00Z
OADP-1.0-RHEL-8
oadp/oadp-registry-rhel8:1.0.4-6	cpe:/a:redhat:openshift_api_data_protection:1.0::el8	RHSA-2022:6430	2022-09-13T00:00:00Z
oadp/oadp-mustgather-rhel8:1.0.5-20	cpe:/a:redhat:openshift_api_data_protection:1.0::el8	RHSA-2022:7261	2022-10-31T00:00:00Z
oadp/oadp-rhel8-operator:1.0.5-16	cpe:/a:redhat:openshift_api_data_protection:1.0::el8	RHSA-2022:7261	2022-10-31T00:00:00Z
OADP-1.1-RHEL-8
oadp/oadp-velero-plugin-rhel8:1.1.0-20	cpe:/a:redhat:openshift_api_data_protection:1.1::el8	RHSA-2022:6290	2022-09-01T00:00:00Z
oadp/oadp-velero-rhel8:1.1.6-7	cpe:/a:redhat:openshift_api_data_protection:1.1::el8	RHSA-2023:5314	2023-09-20T00:00:00Z
OpenShift Logging 5.2
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-168	cpe:/a:redhat:logging:5.2::el8	RHSA-2022:2218	2022-05-11T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.2.10-5	cpe:/a:redhat:logging:5.2::el8	RHSA-2022:2218	2022-05-11T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-171	cpe:/a:redhat:logging:5.3::el8	RHSA-2022:2217	2022-05-11T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.3.7-5	cpe:/a:redhat:logging:5.3::el8	RHSA-2022:2217	2022-05-11T00:00:00Z
Openshift Serveless 1.24
openshift-serverless-1/client-kn-rhel8:1.3.1-4	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-controller-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/ingress-rhel8-operator:1.24.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/knative-rhel8-operator:1.24.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/kourier-control-rhel8:1.3.0-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serverless-operator-bundle:1.24.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serverless-rhel8-operator:1.24.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-activator-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-controller-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-queue-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/serving-webhook-rhel8:1.3.0-3	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2	cpe:/a:redhat:serverless:1.24::el8	RHSA-2022:6040	2022-08-10T00:00:00Z
Openshift Serverless 1 on RHEL 8
openshift-serverless-clients-0:1.3.1-4.el8	cpe:/a:redhat:serverless:1.0::el8	RHSA-2022:6042	2022-08-10T00:00:00Z
Red Hat Enterprise Linux 8
container-tools:rhel8-8060020220401155929.2e213529	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:1762	2022-05-10T00:00:00Z
grafana-0:7.5.15-3.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:7519	2022-11-08T00:00:00Z
container-tools:3.0-8070020220802115906.39077419	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:7529	2022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
container-tools:3.0-8040020240104111259.c0c392d5	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:0564	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
container-tools:3.0-8040020240104111259.c0c392d5	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:0564	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
container-tools:3.0-8040020240104111259.c0c392d5	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:0564	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
grafana-0:7.5.15-3.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:8057	2022-11-15T00:00:00Z
Red Hat OpenShift Container Platform 3.11
atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7	cpe:/a:redhat:openshift:3.11::el7	RHSA-2022:2280	2022-05-31T00:00:00Z
Red Hat OpenShift Container Platform 4.10
openshift4/kubernetes-nmstate-rhel8-operator:v4.10.0-202207291908.p0.g5f0b20d.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHBA-2022:5876	2022-08-09T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202207291908.p0.g5f0b20d.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHBA-2022:5876	2022-08-09T00:00:00Z
openshift4/ose-openstack-machine-controllers:v4.10.0-202204090935.p0.g12df76b.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2022:1356	2022-04-21T00:00:00Z
Red Hat OpenShift Container Platform 4.11
buildah-1:1.23.4-2.el8	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5068	2022-08-10T00:00:00Z
openshift-clients-0:4.11.0-202207291716.p0.g7075089.assembly.stream.el8	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5068	2022-08-10T00:00:00Z
openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/cloud-event-proxy-rhel8:v4.11.0-202208020706.p0.g642796d.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5070	2022-08-10T00:00:00Z
openshift4/ose-cloud-event-proxy:v4.11.0-202208020706.p0.g642796d.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5070	2022-08-10T00:00:00Z
openshift4/ose-cloud-event-proxy-rhel8:v4.11.0-202208020706.p0.g642796d.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5070	2022-08-10T00:00:00Z
openshift4/ose-sriov-network-webhook:v4.11.0-202209130958.p0.gb4f9fbd.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:6537	2022-09-20T00:00:00Z
openshift4/ose-operator-sdk-rhel8:v4.11.0-202301241446.p0.g1974dfd.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0566	2023-02-07T00:00:00Z
openshift4/ose-helm-operator:v4.11.0-202302061916.p0.g1974dfd.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0652	2023-02-15T00:00:00Z
openshift4/ose-baremetal-rhel8-operator:v4.11.0-202303061754.p0.g55cd252.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:1158	2023-03-14T00:00:00Z
openshift4/ose-multus-admission-controller:v4.11.0-202304192028.p0.gb876064.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:2014	2023-05-02T00:00:00Z
Red Hat OpenShift Container Platform 4.12
openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.12.0-202301042354.p0.g1959de0.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2022:7399	2023-01-17T00:00:00Z
openshift4/ose-aws-ebs-csi-driver-rhel8:v4.12.0-202301042354.p0.g1584117.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2022:7399	2023-01-17T00:00:00Z
openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.12.0-202301042354.p0.g8d208a7.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2022:7399	2023-01-17T00:00:00Z
openshift4/ose-gcp-pd-csi-driver-rhel8:v4.12.0-202301042354.p0.g223d846.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2022:7399	2023-01-17T00:00:00Z
openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.12.0-202301042354.p0.g2364e6a.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2022:7399	2023-01-17T00:00:00Z
openshift4-wincw/windows-machine-config-rhel8-operator:7.0.0-22	cpe:/a:redhat:openshift:4.12::el8	RHSA-2022:9096	2023-01-30T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.13.0-202304190216.p0.g68c0ecf.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-multus-admission-controller:v4.13.0-202304190216.p0.gd6d52a7.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202304190216.p0.g6f4295b.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
Red Hat OpenShift Data Foundation 4.11 on RHEL8
odf4/ocs-rhel8-operator:v4.11.0-67	cpe:/a:redhat:openshift_data_foundation:4.11::el8	RHSA-2022:6156	2022-08-24T00:00:00Z
odf4/odf-lvm-rhel8-operator:v4.11.0-39	cpe:/a:redhat:openshift_data_foundation:4.11::el8	RHSA-2022:6156	2022-08-24T00:00:00Z
odf4/odf-rhel8-operator:v4.11.0-27	cpe:/a:redhat:openshift_data_foundation:4.11::el8	RHSA-2022:6156	2022-08-24T00:00:00Z
Red Hat OpenShift Dev Spaces 3 Containers
devspaces/configbump-rhel8:3.15-2	cpe:/a:redhat:openshift_devspaces:3::el8	RHSA-2024:4631	2024-07-18T00:00:00Z
devspaces/devspaces-rhel8-operator:3.15-10	cpe:/a:redhat:openshift_devspaces:3::el8	RHSA-2024:4631	2024-07-18T00:00:00Z
Red Hat OpenStack Platform 16.1
etcd-0:3.3.23-10.el8ost	cpe:/a:redhat:openstack:16.1::el8	RHSA-2022:6066	2022-08-15T00:00:00Z
Red Hat OpenStack Platform 16.2
etcd-0:3.3.23-10.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2022:6061	2022-08-15T00:00:00Z
RHEL-7-CNV-4.10
kubevirt-0:4.10.1-489.el7	cpe:/a:redhat:container_native_virtualization:4.10::el7	RHSA-2022:4667	2022-05-18T00:00:00Z
RHEL-8 based Middleware Containers
amq7/amq-broker-rhel8-operator:7.12.0-16	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:2944	2024-05-21T00:00:00Z
amq7/amq-broker-rhel8-operator-bundle:7.12.0-10	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:2944	2024-05-21T00:00:00Z
RHEL-8-CNV-4.10
kubevirt-0:4.10.1-489.el8	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4667	2022-05-18T00:00:00Z
container-native-virtualization/hostpath-provisioner-rhel8:v4.10.1-5	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/hostpath-provisioner-rhel8-operator:v4.10.1-6	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/hyperconverged-cluster-webhook-rhel8:v4.10.1-19	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/kubevirt-template-validator:v4.10.1-4	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/libguestfs-tools:v4.10.1-8	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/virt-cdi-cloner:v4.10.1-16	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/virt-launcher:v4.10.1-8	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:4668	2022-05-18T00:00:00Z
container-native-virtualization/hostpath-csi-driver:v4.10.2-1	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:5026	2022-06-14T00:00:00Z
container-native-virtualization/hostpath-csi-driver-rhel8:v4.10.2-1	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:5026	2022-06-14T00:00:00Z
container-native-virtualization/kubernetes-nmstate-handler-rhel8:v4.10.2-3	cpe:/a:redhat:container_native_virtualization:4.10::el8	RHSA-2022:5026	2022-06-14T00:00:00Z
RHEL-8-CNV-4.11
container-native-virtualization/cluster-network-addons-operator:v4.11.0-26	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
container-native-virtualization/kubemacpool:v4.11.0-26	cpe:/a:redhat:container_native_virtualization:4.11::el8	RHSA-2022:6526	2022-09-14T00:00:00Z
RHOL-5.5-RHEL-8
openshift-logging/cluster-logging-rhel8-operator:v5.5.0-57	cpe:/a:redhat:logging:5.5::el8	RHSA-2022:6051	2022-08-18T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-14	cpe:/a:redhat:logging:5.5::el8	RHSA-2022:6051	2022-08-18T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-38	cpe:/a:redhat:logging:5.5::el8	RHSA-2022:6051	2022-08-18T00:00:00Z

References

Link	Providers
https://github.com/prometheus/client_golang/pull/962
https://github.com/prometheus/client_golang/pull/987
https://github.com/prometheus/client_golang/releases/tag/v1.11.1
https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://nvd.nist.gov/vuln/detail/CVE-2022-21698
https://www.cve.org/CVERecord?id=CVE-2022-21698

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-02-15T00:00:00

Updated: 2024-08-03T02:53:34.814Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2022-21698

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-02-15T16:15:08.527

Modified: 2024-11-21T06:45:15.423

Link: CVE-2022-21698

Redhat

Severity : Moderate

Publid Date: 2022-02-15T00:00:00Z

Links: CVE-2022-21698 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-21698", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T02:53:34.814Z", "dateReserved": "2021-11-16T00:00:00", "datePublished": "2022-02-15T00:00:00"}, "containers": {"cna": {"title": "Uncontrolled Resource Consumption in promhttp", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods."}], "affected": [{"vendor": "prometheus", "product": "client_golang", "versions": [{"version": "< 1.11.1", "status": "affected"}]}], "references": [{"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"}, {"url": "https://github.com/prometheus/client_golang/pull/962"}, {"url": "https://github.com/prometheus/client_golang/pull/987"}, {"url": "https://github.com/prometheus/client_golang/releases/tag/v1.11.1"}, {"name": "FEDORA-2022-5f253807ce", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/"}, {"name": "FEDORA-2022-6c4cb64314", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/"}, {"name": "FEDORA-2022-eda0e65b01", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/"}, {"name": "FEDORA-2022-6043a7b938", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/"}, {"name": "FEDORA-2022-e244ad73d6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/"}, {"name": "FEDORA-2022-a7d438b30b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/"}, {"name": "FEDORA-2022-83405f9d5b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"}, {"name": "FEDORA-2022-9dd03cab55", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"}, {"name": "FEDORA-2022-c87047f163", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"}, {"name": "FEDORA-2022-2067702f06", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/"}, {"name": "FEDORA-2022-c5383675d9", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"}, {"name": "FEDORA-2022-5e637f6cc6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"name": "FEDORA-2022-396c568c5e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/"}, {"name": "FEDORA-2022-92ef43c439", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/"}, {"name": "FEDORA-2022-fae3ecee19", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"}, {"name": "FEDORA-2022-739c7a0058", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/"}, {"name": "FEDORA-2022-13ad572b5a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/"}, {"name": "FEDORA-2022-741325e9a0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "source": {"advisory": "GHSA-cg3q-j54f-5p7p", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.814Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "tags": ["x_transferred"]}, {"url": "https://github.com/prometheus/client_golang/pull/962", "tags": ["x_transferred"]}, {"url": "https://github.com/prometheus/client_golang/pull/987", "tags": ["x_transferred"]}, {"url": "https://github.com/prometheus/client_golang/releases/tag/v1.11.1", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-5f253807ce", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/"}, {"name": "FEDORA-2022-6c4cb64314", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/"}, {"name": "FEDORA-2022-eda0e65b01", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/"}, {"name": "FEDORA-2022-6043a7b938", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/"}, {"name": "FEDORA-2022-e244ad73d6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/"}, {"name": "FEDORA-2022-a7d438b30b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/"}, {"name": "FEDORA-2022-83405f9d5b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"}, {"name": "FEDORA-2022-9dd03cab55", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"}, {"name": "FEDORA-2022-c87047f163", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"}, {"name": "FEDORA-2022-2067702f06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/"}, {"name": "FEDORA-2022-c5383675d9", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"}, {"name": "FEDORA-2022-5e637f6cc6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"name": "FEDORA-2022-396c568c5e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/"}, {"name": "FEDORA-2022-92ef43c439", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/"}, {"name": "FEDORA-2022-fae3ecee19", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"}, {"name": "FEDORA-2022-739c7a0058", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/"}, {"name": "FEDORA-2022-13ad572b5a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/"}, {"name": "FEDORA-2022-741325e9a0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prometheus:client_golang:*:*:*:*:*:go:*:*", "matchCriteriaId": "6772711E-70E4-4663-A81B-960CFE7BB586", "versionEndExcluding": "1.11.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rdo_project:rdo:-:*:*:*:*:*:*:*", "matchCriteriaId": "B26CA9A7-9E1A-4787-89FB-2653E177895A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods."}, {"lang": "es", "value": "client_golang es la biblioteca de instrumentaci\u00f3n para aplicaciones Go en Prometheus, y el paquete promhttp en client_golang proporciona herramientas en torno a los servidores y clientes HTTP. En client_golang versiones anteriores a 1.11.1, el servidor HTTP es susceptible de una Denegaci\u00f3n de Servicio mediante una cardinalidad no limitada, y un potencial agotamiento de la memoria, cuando es manejado peticiones con m\u00e9todos HTTP no est\u00e1ndar. Para ser afectado, un software instrumentado debe usar cualquiera de los middleware \"promhttp.InstrumentHandler*\" excepto \"RequestsInFlight\"; no filtrar ning\u00fan m\u00e9todo espec\u00edfico (por ejemplo GET) antes del middleware; pasar la m\u00e9trica con el nombre de la etiqueta \"method\" a nuestro middleware; y no presentar ning\u00fan firewall/LB/proxy que filtre las peticiones con \"method\" desconocido. client_golang versi\u00f3n 1.11.1 contiene un parche para este problema. Se presentan varias medidas de mitigaci\u00f3n disponibles, incluyendo la eliminaci\u00f3n del nombre de la etiqueta \"method\" del contador/calibre usado en el InstrumentHandler; la deshabilitaci\u00f3n de los manejadores promhttp afectados; la adici\u00f3n de un middleware personalizado antes del manejador promhttp que sanee el m\u00e9todo de petici\u00f3n dado por Go http.Request; y el uso de un proxy inverso o un firewall de aplicaciones web, configurado para permitir s\u00f3lo un conjunto limitado de m\u00e9todos"}], "id": "CVE-2022-21698", "lastModified": "2024-11-21T06:45:15.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-15T16:15:08.527", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/pull/962"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/pull/987"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/releases/tag/v1.11.1"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/pull/962"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/pull/987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/releases/tag/v1.11.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1461", "cpe": "cpe:/a:redhat:logging:5.4::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-163", "product_name": "Logging subsystem for Red Hat OpenShift 5.4", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:2216", "cpe": "cpe:/a:redhat:logging:5.4::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.4.1-4", "product_name": "Logging subsystem for Red Hat OpenShift 5.4", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:6430", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8", "package": "oadp/oadp-registry-rhel8:1.0.4-6", "product_name": "OADP-1.0-RHEL-8", "release_date": "2022-09-13T00:00:00Z"}, {"advisory": "RHSA-2022:7261", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8", "package": "oadp/oadp-mustgather-rhel8:1.0.5-20", "product_name": "OADP-1.0-RHEL-8", "release_date": "2022-10-31T00:00:00Z"}, {"advisory": "RHSA-2022:7261", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8", "package": "oadp/oadp-rhel8-operator:1.0.5-16", "product_name": "OADP-1.0-RHEL-8", "release_date": "2022-10-31T00:00:00Z"}, {"advisory": "RHSA-2022:6290", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package": "oadp/oadp-velero-plugin-rhel8:1.1.0-20", "product_name": "OADP-1.1-RHEL-8", "release_date": "2022-09-01T00:00:00Z"}, {"advisory": "RHSA-2023:5314", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package": "oadp/oadp-velero-rhel8:1.1.6-7", "product_name": "OADP-1.1-RHEL-8", "release_date": "2023-09-20T00:00:00Z"}, {"advisory": "RHSA-2022:2218", "cpe": "cpe:/a:redhat:logging:5.2::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-168", "product_name": "OpenShift Logging 5.2", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2218", "cpe": "cpe:/a:redhat:logging:5.2::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.2.10-5", "product_name": "OpenShift Logging 5.2", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2217", "cpe": "cpe:/a:redhat:logging:5.3::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-171", "product_name": "OpenShift Logging 5.3", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2217", "cpe": "cpe:/a:redhat:logging:5.3::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.3.7-5", "product_name": "OpenShift Logging 5.3", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.3.1-4", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.24.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.24.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.3.0-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.24.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.24.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.3.0-3", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6040", "cpe": "cpe:/a:redhat:serverless:1.24::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2", "product_name": "Openshift Serveless 1.24", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6042", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.3.1-4.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:1762", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8060020220401155929.2e213529", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:7519", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "grafana-0:7.5.15-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:7529", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:3.0-8070020220802115906.39077419", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:0564", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "container-tools:3.0-8040020240104111259.c0c392d5", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0564", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "container-tools:3.0-8040020240104111259.c0c392d5", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0564", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "container-tools:3.0-8040020240104111259.c0c392d5", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2022:8057", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:7.5.15-3.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:2280", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2022-05-31T00:00:00Z"}, {"advisory": "RHBA-2022:5876", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/kubernetes-nmstate-rhel8-operator:v4.10.0-202207291908.p0.g5f0b20d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-08-09T00:00:00Z"}, {"advisory": "RHBA-2022:5876", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202207291908.p0.g5f0b20d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-08-09T00:00:00Z"}, {"advisory": "RHSA-2022:1356", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-openstack-machine-controllers:v4.10.0-202204090935.p0.g12df76b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-04-21T00:00:00Z"}, {"advisory": "RHSA-2022:5068", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "buildah-1:1.23.4-2.el8", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5068", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift-clients-0:4.11.0-202207291716.p0.g7075089.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5069", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5070", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/cloud-event-proxy-rhel8:v4.11.0-202208020706.p0.g642796d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5070", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cloud-event-proxy:v4.11.0-202208020706.p0.g642796d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:5070", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cloud-event-proxy-rhel8:v4.11.0-202208020706.p0.g642796d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-08-10T00:00:00Z"}, {"advisory": "RHSA-2022:6537", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-sriov-network-webhook:v4.11.0-202209130958.p0.gb4f9fbd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2022-09-20T00:00:00Z"}, {"advisory": "RHSA-2023:0566", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.11.0-202301241446.p0.g1974dfd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-07T00:00:00Z"}, {"advisory": "RHSA-2023:0652", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-helm-operator:v4.11.0-202302061916.p0.g1974dfd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:1158", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-baremetal-rhel8-operator:v4.11.0-202303061754.p0.g55cd252.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:2014", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-multus-admission-controller:v4.11.0-202304192028.p0.gb876064.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-05-02T00:00:00Z"}, {"advisory": "RHSA-2022:7399", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.12.0-202301042354.p0.g1959de0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-17T00:00:00Z"}, {"advisory": "RHSA-2022:7399", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.12.0-202301042354.p0.g1584117.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-17T00:00:00Z"}, {"advisory": "RHSA-2022:7399", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.12.0-202301042354.p0.g8d208a7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-17T00:00:00Z"}, {"advisory": "RHSA-2022:7399", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.12.0-202301042354.p0.g223d846.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-17T00:00:00Z"}, {"advisory": "RHSA-2022:7399", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.12.0-202301042354.p0.g2364e6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-17T00:00:00Z"}, {"advisory": "RHSA-2022:9096", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4-wincw/windows-machine-config-rhel8-operator:7.0.0-22", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.13.0-202304190216.p0.g68c0ecf.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-multus-admission-controller:v4.13.0-202304190216.p0.gd6d52a7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202304190216.p0.g6f4295b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2022:6156", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.11::el8", "package": "odf4/ocs-rhel8-operator:v4.11.0-67", "product_name": "Red Hat OpenShift Data Foundation 4.11 on RHEL8", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:6156", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.11::el8", "package": "odf4/odf-lvm-rhel8-operator:v4.11.0-39", "product_name": "Red Hat OpenShift Data Foundation 4.11 on RHEL8", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:6156", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.11::el8", "package": "odf4/odf-rhel8-operator:v4.11.0-27", "product_name": "Red Hat OpenShift Data Foundation 4.11 on RHEL8", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2024:4631", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "package": "devspaces/configbump-rhel8:3.15-2", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2024-07-18T00:00:00Z"}, {"advisory": "RHSA-2024:4631", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "package": "devspaces/devspaces-rhel8-operator:3.15-10", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2024-07-18T00:00:00Z"}, {"advisory": "RHSA-2022:6066", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "etcd-0:3.3.23-10.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2022-08-15T00:00:00Z"}, {"advisory": "RHSA-2022:6061", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "etcd-0:3.3.23-10.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-08-15T00:00:00Z"}, {"advisory": "RHSA-2022:4667", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el7", "package": "kubevirt-0:4.10.1-489.el7", "product_name": "RHEL-7-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2024:2944", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "amq7/amq-broker-rhel8-operator:7.12.0-16", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-05-21T00:00:00Z"}, {"advisory": "RHSA-2024:2944", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "amq7/amq-broker-rhel8-operator-bundle:7.12.0-10", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-05-21T00:00:00Z"}, {"advisory": "RHSA-2022:4667", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "kubevirt-0:4.10.1-489.el8", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/hostpath-provisioner-rhel8:v4.10.1-5", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/hostpath-provisioner-rhel8-operator:v4.10.1-6", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8:v4.10.1-19", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/kubevirt-template-validator:v4.10.1-4", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/libguestfs-tools:v4.10.1-8", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-cdi-cloner:v4.10.1-16", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4668", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/virt-launcher:v4.10.1-8", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:5026", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/hostpath-csi-driver:v4.10.2-1", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-06-14T00:00:00Z"}, {"advisory": "RHSA-2022:5026", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/hostpath-csi-driver-rhel8:v4.10.2-1", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-06-14T00:00:00Z"}, {"advisory": "RHSA-2022:5026", "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package": "container-native-virtualization/kubernetes-nmstate-handler-rhel8:v4.10.2-3", "product_name": "RHEL-8-CNV-4.10", "release_date": "2022-06-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/cluster-network-addons-operator:v4.11.0-26", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6526", "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package": "container-native-virtualization/kubemacpool:v4.11.0-26", "product_name": "RHEL-8-CNV-4.11", "release_date": "2022-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:6051", "cpe": "cpe:/a:redhat:logging:5.5::el8", "package": "openshift-logging/cluster-logging-rhel8-operator:v5.5.0-57", "product_name": "RHOL-5.5-RHEL-8", "release_date": "2022-08-18T00:00:00Z"}, {"advisory": "RHSA-2022:6051", "cpe": "cpe:/a:redhat:logging:5.5::el8", "package": "openshift-logging/eventrouter-rhel8:v0.4.0-14", "product_name": "RHOL-5.5-RHEL-8", "release_date": "2022-08-18T00:00:00Z"}, {"advisory": "RHSA-2022:6051", "cpe": "cpe:/a:redhat:logging:5.5::el8", "package": "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-38", "product_name": "RHOL-5.5-RHEL-8", "release_date": "2022-08-18T00:00:00Z"}], "bugzilla": {"description": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", "id": "2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-772", "details": ["client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.", "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability."], "name": "CVE-2022-21698", "package_state": [{"cpe": "cpe:/a:redhat:cost_management:1", "fix_state": "Affected", "package_name": "costmanagement/costmanagement-metrics-rhel8-operator", "product_name": "Cost Management Metrics Operator"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-controller-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-velero-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-velero-plugin-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-controller-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "helm", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "jenkins-operator-container", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "ocp-tools-4/service-binding-rhel8-operator", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "source-to-image-container", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Will not fix", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1-eventing-kafka-channel-webhook-rhel8-container", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-operator", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "servicemesh", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Not affected", "package_name": "servicemesh-operator", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Not affected", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-apicast-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "client_golang", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acmesolver-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/agent-service-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/assisted-image-service-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/assisted-installer-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cainjector-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cert-policy-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cluster-backup-rhel9-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/clusterclaims-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cluster-curator-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/clusterlifecycle-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cluster-proxy-addon-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/configmap-watcher-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/config-policy-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/discovery-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/endpoint-monitoring-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/endpoint-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/gatekeeper-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/gatekeeper-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/governance-policy-propagator-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/governance-policy-spec-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/governance-policy-status-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/governance-policy-template-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/iam-policy-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/insights-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/klusterlet-addon-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/klusterlet-addon-lease-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/kube-rbac-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/kube-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/lighthouse-agent-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/managedcluster-import-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/memcached-exporter-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/metrics-collector-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicloud-integrations-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicloud-manager-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multiclusterhub-repo-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multiclusterhub-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-observability-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-application-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-channel-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-deployable-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-placementrule-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-subscription-release-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-subscription-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/node-exporter-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/observatorium-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/openshift-hive-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/placement-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/prometheus-alertmanager-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/prometheus-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/provider-credential-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/rbac-query-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/rcm-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/registration-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/registration-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/search-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/subctl-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/submariner-addon-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/submariner-gateway-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/thanos-receive-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/thanos-rhel7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/volsync-mover-rclone-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/volsync-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/work-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Under investigation", "package_name": "advanced-cluster-security/rhacs-docs-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Under investigation", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Under investigation", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "amq-broker-rhel8-operator-container", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Under investigation", "package_name": "rhceph/rhceph-4-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Under investigation", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:2.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:2.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:2.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "atomic-enterprise-service-catalog", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/grafana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openshift3/ose-cluster-monitoring-operator", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openshift3/ose-kube-rbac-proxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openshift3/ose-prometheus-operator", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "package_name": "openshift-enterprise-autoheal", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "assisted-installer-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "atomic-enterprise-service-catalog", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "cincinnati-operator-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "machine-config-daemon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/compliance-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/dpu-network-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/file-integrity-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/metallb-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/numaresources-operator-bundle", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-aws-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-aws-efs-csi-driver-container-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-aws-efs-csi-driver-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-aws-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-azure-cloud-node-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-azure-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-cluster-api-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-authentication-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-cluster-baremetal-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-dns-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-ingress-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-kube-descheduler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-cluster-logging-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-machine-approver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-nfd-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-openshift-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-clusterresourceoverride-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-clusterresourceoverride-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-cluster-version-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-contour-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-coredns-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-driver-manila-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-external-attacher", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-external-attacher-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-livenessprobe", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-livenessprobe-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-node-driver-registrar", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-node-driver-registrar-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-descheduler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-elasticsearch-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-etcd", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-gcp-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-ghostunnel", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-hello-openshift-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-hypershift-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibm-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-image-customization-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-insights-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-k8s-prometheus-adapter-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kube-rbac-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-kube-storage-version-migrator-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-libvirt-machine-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-local-storage-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "openshift4/ose-local-storage-static-provisioner", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-logging-eventrouter", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-machine-api-provider-aws-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-machine-api-provider-azure-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-machine-api-provider-gcp-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-machine-api-provider-openstack-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-metering-ansible-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-metering-helm-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-cni", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-node-feature-discovery", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-node-problem-detector-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-apiserver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openshift-apiserver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-operator-registry-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-ovirt-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-powervs-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-prometheus-node-exporter", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ptp", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ptp-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-service-ca-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-tools-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/special-resource-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-compliance-operator-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-file-integrity-operator-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-tech-preview/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "poison-pill-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "redhat/redhat-operator-index", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "skopeo", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "mcg", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "ocs4/volume-replication-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/opentelemetry-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/applicationset-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "cluster-network-addons-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "cnv-containernetworking-plugins-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "hostpath-provisioner-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "hostpath-provisioner-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "hyperconverged-cluster-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "hyperconverged-cluster-webhook-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "kubemacpool-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "kubernetes-nmstate-handler-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "node-maintenance-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "ovs-cni-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "virt-cdi-cloner-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "virt-launcher-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Will not fix", "package_name": "vm-import-virtv2v-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/node-maintenance-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/vm-import-virtv2v-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "sg-core-container", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "package_name": "smart-gateway-container", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay-bridge-operator", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Under investigation", "package_name": "quay/quay-bridge-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-container-security-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Under investigation", "package_name": "quay/quay-openshift-bridge-rhel8-operator", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.3::el8", "fix_state": "Will not fix", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.3 for RHEL 8"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.4::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.4 for RHEL 8"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "fix_state": "Will not fix", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.5 for RHEL 8"}], "public_date": "2022-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-21698\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21698\nhttps://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"], "statement": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object