{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49569", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2023-11-27T14:21:51.157Z", "datePublished": "2024-01-12T10:41:00.201Z", "dateUpdated": "2024-11-14T14:34:02.845Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "go-git", "vendor": "go-git", "versions": [{"status": "affected", "version": "5.11.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ionu\u021b Lalu"}], "datePublic": "2024-01-12T10:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A path traversal vulnerability was discovered in go-git versions prior to <code>v5.11</code>. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.</p><p>Applications are only affected if they are using the <a target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS\">ChrootOS</a>, which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using <a target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS\">BoundOS</a>&nbsp;or in-memory filesystems are not affected by this issue.<br>This is a <code>go-git</code>&nbsp;implementation issue and does not affect the upstream <code>git</code>&nbsp;cli.</p><br>"}], "value": "A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\n\nApplications are only affected if they are using the  ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using  BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS \u00a0or in-memory filesystems are not affected by this issue.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2024-01-12T10:41:00.201Z"}, "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An update to version 5.11 fixes the issue"}], "value": "An update to version 5.11 fixes the issue"}], "source": {"advisory": "GHSA-449p-3h89-pw88", "discovery": "EXTERNAL"}, "title": "Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.499Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-18T19:36:00.641066Z", "id": "CVE-2023-49569", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T14:34:02.845Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.499Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49569", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-18T19:36:00.641066Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T14:33:59.587Z"}}], "cna": {"title": "Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients", "source": {"advisory": "GHSA-449p-3h89-pw88", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ionu\u021b Lalu"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "go-git", "product": "go-git", "versions": [{"status": "affected", "version": "5.11.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "An update to version 5.11 fixes the issue", "supportingMedia": [{"type": "text/html", "value": "An update to version 5.11 fixes the issue", "base64": false}]}], "datePublic": "2024-01-12T10:40:00.000Z", "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\n\nApplications are only affected if they are using the  ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using  BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS \u00a0or in-memory filesystems are not affected by this issue.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>A path traversal vulnerability was discovered in go-git versions prior to <code>v5.11</code>. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.</p><p>Applications are only affected if they are using the <a target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS\">ChrootOS</a>, which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using <a target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS\">BoundOS</a>&nbsp;or in-memory filesystems are not affected by this issue.<br>This is a <code>go-git</code>&nbsp;implementation issue and does not affect the upstream <code>git</code>&nbsp;cli.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2024-01-12T10:41:00.201Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49569", "state": "PUBLISHED", "dateUpdated": "2024-11-14T14:34:02.845Z", "dateReserved": "2023-11-27T14:21:51.157Z", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "datePublished": "2024-01-12T10:41:00.201Z", "assignerShortName": "Bitdefender"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*", "matchCriteriaId": "61C9245F-61A4-4756-83B1-13CE56E28FF0", "versionEndExcluding": "5.11.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\n\nApplications are only affected if they are using the  ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using  BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS \u00a0or in-memory filesystems are not affected by this issue.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de path traversal en versiones de go-git anteriores a la v5.11. Esta vulnerabilidad permite a un atacante crear y modificar archivos en todo el sistema de archivos. En el peor de los casos, se podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo. Las aplicaciones solo se ven afectadas si usan ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS, que es el valor predeterminado cuando se usan versiones \"simples\" de Open y funciones de clonaci\u00f3n (por ejemplo, PlainClone). Las aplicaciones que utilizan BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS o sistemas de archivos en memoria no se ven afectados por este problema. Este es un problema de implementaci\u00f3n de go-git y no afecta el cli de git ascendente."}], "id": "CVE-2023-49569", "lastModified": "2024-11-21T08:33:34.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T11:15:13.250", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6221", "cpe": "cpe:/a:redhat:openshift_builds:1.1::el9", "package": "openshift-builds-controller-container", "product_name": "Builds for Red Hat OpenShift", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:0989", "cpe": "cpe:/a:redhat:multicluster_globalhub:1.0::el8", "package": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4", "product_name": "multicluster-globalhub 1.0 for RHEL 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-operator-bundle:v1.0.1-11", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:0880", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.10.0-6.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2024-02-20T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-governance-policy-addon-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-governance-policy-framework-addon-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-grafana-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-must-gather-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-operator-bundle:v2.7.11-14", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-prometheus-config-reloader-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-prometheus-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-indexer-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-v2-api-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-v2-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-volsync-addon-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/cert-policy-controller-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/cluster-backup-rhel8-operator:v2.7.11-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/config-policy-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/console-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/endpoint-monitoring-rhel8-operator:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/governance-policy-propagator-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/grafana-dashboard-loader-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/iam-policy-controller-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/insights-client-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/insights-metrics-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/klusterlet-addon-controller-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/kube-rbac-proxy-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/kube-state-metrics-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/memcached-exporter-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/memcached-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/metrics-collector-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicloud-integrations-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multiclusterhub-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-observability-rhel8-operator:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-application-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-channel-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/node-exporter-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/observatorium-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/observatorium-rhel8-operator:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/prometheus-alertmanager-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/prometheus-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/rbac-query-proxy-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/search-collector-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/submariner-addon-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/thanos-receive-controller-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/thanos-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0820", "cpe": "cpe:/a:redhat:acm:2.8::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.8.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0298", "cpe": "cpe:/a:redhat:acm:2.9::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.3.6-2", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.3.6-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.3.6-1", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.3.6-4", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.3.6-4", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.3.6-2", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.3.6-2", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.3.6-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.3.6-1", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.3.6-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1549", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.3.6-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:4118", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-2:16.2.10-266.el8cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4118", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-ansible-0:6.0.28.8-1.el8cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:2633", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/keepalived-rhel9:2.2.8-11", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2633", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/rhceph-6-dashboard-rhel9:6-90", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2633", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/rhceph-6-rhel9:6-311", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2633", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/rhceph-haproxy-rhel9:2.4.22-12", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2633", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/rhceph-promtail-rhel9:v2.4.0-19", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2633", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/snmp-notifier-rhel9:1.2.1-57", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:3925", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el8", "package": "ceph-2:18.2.1-194.el8cp", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-14T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "redhat/redhat-operator-index:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:1052", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1896", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "impact": "low", "package": "openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-04-25T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0741", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0845", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0845", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:2047", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "impact": "low", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-02T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "redhat/redhat-operator-index:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0735", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1891", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "impact": "low", "package": "openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-04-26T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ansible-operator:v4.15.0-202402082307.p0.g08d08dd.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-helm-operator:v4.15.0-202402082307.p0.g08d08dd.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.15.0-202402210637.p0.g08d08dd.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-olm-catalogd-rhel8:v4.15.0-202402082307.p0.gc1a9a8e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-olm-operator-controller-rhel8:v4.15.0-202402082307.p0.ge290693.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.15.0-202402082307.p0.g36acf8d.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-operator-registry-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2024:8425", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "impact": "low", "package": "openshift4/oc-mirror-plugin-rhel9:v4.15.0-202410230304.p0.ge91f573.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-10-31T00:00:00Z"}, {"advisory": "RHSA-2024:0040", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "openshift4/ose-ansible-operator:v4.16.0-202406130637.p0.g4194617.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0040", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "openshift4/ose-helm-rhel9-operator:v4.16.0-202406131906.p0.g4194617.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0040", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "openshift4/ose-operator-sdk-rhel9:v4.16.0-202406131906.p0.g4194617.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "impact": "low", "package": "openshift4/oc-mirror-plugin-rhel9:v4.16.0-202406131906.p0.g7c0889f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-olm-catalogd-rhel9:v4.16.0-202406131906.p0.g79975a5.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "impact": "low", "package": "openshift4/ose-olm-operator-controller-rhel9:v4.16.0-202406131906.p0.g80b8649.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-olm-rukpak-rhel9:v4.16.0-202406131906.p0.g282cc84.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-registry-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "redhat/redhat-operator-index:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/console-plugin-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/dex-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/must-gather-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.31.1-1", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:5013", "cpe": "cpe:/a:redhat:openshift_builds:1.1::el9", "package": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9:sha256:a911fd84b3d9bf2ec221660507f4f234ec1ecfc232e9a511a4bd18a2598783df", "product_name": "Builds for Red Hat OpenShift 1.1.1", "release_date": "2024-08-05T00:00:00Z"}], "bugzilla": {"description": "go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients", "id": "2258143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258143"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\nApplications are only affected if they are using the  ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using  BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS \u00a0or in-memory filesystems are not affected by this issue.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.", "A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution."], "mitigation": {"lang": "en:us", "value": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers."}, "name": "CVE-2023-49569", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "hub-of-hubs-gitops", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-engine", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "multicluster-engine-assisted-installer-reporter", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "multicluster-engine-assisted-service", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-globalhub-grafana", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/cluster-curator-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/clusterlifecycle-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-subscription-release-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/openshift-hive-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-cli", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli-artifacts", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-cli-artifacts-alt-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-deployer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-tools-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-api-server-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-artifact-manager-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-persistenceagent-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-viewercontroller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Not affected", "package_name": "devspaces/devspaces-rhel8-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/cluster-network-addons-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49569\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49569\nhttps://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88"], "statement": "This problem only affects the go implementation and not the original git cli code. Applications using BoundOS or in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.\nIn OpenShift Container Platform (OCP) the vulnerable github.com/go-git/go-git/v5 Go package is used as a dependency in many components where the vulnerable function is not used, hence the impact by this vulnerability is reduced to Low.\nIn Openshift-Clients, the affected github.com/go-git/go-git/v5 is a transitive dependency and Openshift-Clients do not use the affected codebase of the go-git package. Hence, it is marked as Not Affected.", "threat_severity": "Critical"}