{ "threat_severity" : "Important", "public_date" : "2022-12-27T00:00:00Z", "bugzilla" : { "description" : "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be", "id" : "2156729", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-331", "details" : [ "Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.", "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions." ], "affected_release" : [ { "product_name" : "OpenShift Service Mesh 2.1", "release_date" : "2023-01-30T00:00:00Z", "advisory" : "RHSA-2023:0540", "cpe" : "cpe:/a:redhat:service_mesh:2.1::el8", "package" : "servicemesh-0:2.1.6-1.el8" }, { "product_name" : "OpenShift Service Mesh 2.1", "release_date" : "2023-01-30T00:00:00Z", "advisory" : "RHSA-2023:0540", "cpe" : "cpe:/a:redhat:service_mesh:2.1::el8", "package" : "servicemesh-operator-0:2.1.6-1.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2023-02-08T00:00:00Z", "advisory" : "RHSA-2023:0561", "cpe" : "cpe:/a:redhat:openshift:4.10::el8", "package" : "openshift4/ose-cluster-network-operator:v4.10.0-202301310115.p0.gdc0a59a.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2023-03-01T00:00:00Z", "advisory" : "RHSA-2023:0899", "cpe" : "cpe:/a:redhat:openshift:4.10::el8", "package" : "openshift4/ose-installer:v4.10.0-202302161028.p0.g8862860.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2023-03-16T00:00:00Z", "advisory" : "RHSA-2023:1154", "cpe" : "cpe:/a:redhat:openshift:4.10::el8", "package" : "openshift4/ose-machine-config-operator:v4.10.0-202303032215.p0.ga21b2b8.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2023-03-29T00:00:00Z", "advisory" : "RHSA-2023:1393", "cpe" : "cpe:/a:redhat:openshift:4.10::el8", "package" : "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202303162241.p0.g68b1665.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-02-07T00:00:00Z", "advisory" : "RHSA-2023:0565", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202301191245.p0.g4ffdd2f.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-02-07T00:00:00Z", "advisory" : "RHSA-2023:0565", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202301252336.p0.ge0e3979.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-02-15T00:00:00Z", "advisory" : "RHSA-2023:0651", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-machine-config-operator:v4.11.0-202302071115.p0.gc101063.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-02-21T00:00:00Z", "advisory" : "RHSA-2023:0774", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-installer:v4.11.0-202302130454.p0.g59d1196.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-03-14T00:00:00Z", "advisory" : "RHSA-2023:1159", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/dpu-network-rhel8-operator:v4.11.0-202302282354.p0.g7183b08.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-03-22T00:00:00Z", "advisory" : "RHSA-2023:1297", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.11.0-202303151654.p0.g4695e71.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-01-30T00:00:00Z", "advisory" : "RHSA-2023:0449", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-image-customization-controller-rhel8:v4.12.0-202301171655.p0.g27777d0.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-02-07T00:00:00Z", "advisory" : "RHSA-2023:0569", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-machine-config-operator:v4.12.0-202301262025.p0.ge3dc943.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-02-16T00:00:00Z", "advisory" : "RHSA-2023:0728", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-installer:v4.12.0-202302080355.p0.gb8d2457.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0770", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/dpu-network-rhel8-operator:v4.12.0-202302111028.p0.gb6124a7.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-03-21T00:00:00Z", "advisory" : "RHSA-2023:1270", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.12.0-202303081941.p0.gc56075a.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2023-05-17T00:00:00Z", "advisory" : "RHSA-2023:1326", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-image-customization-controller-rhel8:v4.13.0-202304260928.p0.g8765166.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2023-05-17T00:00:00Z", "advisory" : "RHSA-2023:1326", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2023-05-17T00:00:00Z", "advisory" : "RHSA-2023:1326", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-machine-config-operator:v4.13.0-202304251516.p0.g70aa0a5.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.9", "release_date" : "2023-02-13T00:00:00Z", "advisory" : "RHSA-2023:0574", "cpe" : "cpe:/a:redhat:openshift:4.9::el8", "package" : "openshift4/ose-cluster-network-operator:v4.9.0-202301301454.p0.gbb98961.assembly.stream" }, { "product_name" : "Red Hat OpenShift GitOps 1.5", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0804", "cpe" : "cpe:/a:redhat:openshift_gitops:1.5::el8", "package" : "openshift-gitops-1/applicationset-rhel8:v1.5.10-6" }, { "product_name" : "Red Hat OpenShift GitOps 1.5", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0804", "cpe" : "cpe:/a:redhat:openshift_gitops:1.5::el8", "package" : "openshift-gitops-1/argocd-rhel8:v1.5.10-6" }, { "product_name" : "Red Hat OpenShift GitOps 1.5", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0804", "cpe" : "cpe:/a:redhat:openshift_gitops:1.5::el8", "package" : "openshift-gitops-1/dex-rhel8:v1.5.10-6" }, { "product_name" : "Red Hat OpenShift GitOps 1.5", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0804", "cpe" : "cpe:/a:redhat:openshift_gitops:1.5::el8", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.5.10-6" }, { "product_name" : "Red Hat OpenShift GitOps 1.5", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0804", "cpe" : "cpe:/a:redhat:openshift_gitops:1.5::el8", "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.5.10-6" }, { "product_name" : "Red Hat OpenShift GitOps 1.6", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0802", "cpe" : "cpe:/a:redhat:openshift_gitops:1.6::el8", "package" : "openshift-gitops-1/argocd-rhel8:v1.6.5-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.6", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0802", "cpe" : "cpe:/a:redhat:openshift_gitops:1.6::el8", "package" : "openshift-gitops-1/dex-rhel8:v1.6.5-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.6", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0802", "cpe" : "cpe:/a:redhat:openshift_gitops:1.6::el8", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.6.5-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.6", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0802", "cpe" : "cpe:/a:redhat:openshift_gitops:1.6::el8", "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.6.5-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.7", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0803", "cpe" : "cpe:/a:redhat:openshift_gitops:1.7::el8", "package" : "openshift-gitops-1/argocd-rhel8:v1.7.2-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.7", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0803", "cpe" : "cpe:/a:redhat:openshift_gitops:1.7::el8", "package" : "openshift-gitops-1/dex-rhel8:v1.7.2-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.7", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0803", "cpe" : "cpe:/a:redhat:openshift_gitops:1.7::el8", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.7.2-5" }, { "product_name" : "Red Hat OpenShift GitOps 1.7", "release_date" : "2023-02-17T00:00:00Z", "advisory" : "RHSA-2023:0803", "cpe" : "cpe:/a:redhat:openshift_gitops:1.7::el8", "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.7.2-5" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.3 for RHEL 8", "release_date" : "2023-01-30T00:00:00Z", "advisory" : "RHSA-2023:0542", "cpe" : "cpe:/a:redhat:service_mesh:2.3::el8", "package" : "openshift-service-mesh/istio-rhel8-operator:2.3.1-10" }, { "product_name" : "RHODF-4.12-RHEL-8", "release_date" : "2023-03-08T00:00:00Z", "advisory" : "RHSA-2023:1170", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.12::el8", "package" : "odf4/mcg-rhel8-operator:v4.12.1-4" }, { "product_name" : "RHODF-4.13-RHEL-9", "release_date" : "2023-06-21T00:00:00Z", "advisory" : "RHSA-2023:3742", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.13::el9", "package" : "odf4/mcg-rhel9-operator:v4.13.0-41" } ], "package_state" : [ { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "cert-manager/jetstack-cert-manager-rhel9", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Cryostat 2", "fix_state" : "Not affected", "package_name" : "cryostat/cryostat-rhel8-operator", "cpe" : "cpe:/a:redhat:cryostat:2" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/logging-loki-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/lokistack-gateway-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "jenkins-operator-container", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "openshift-serverless-1/client-kn-rhel8", "cpe" : "cpe:/a:redhat:serverless:1", "impact" : "low" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "openshift-serverless-1/ingress-rhel8-operator", "cpe" : "cpe:/a:redhat:serverless:1", "impact" : "low" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container", "cpe" : "cpe:/a:redhat:serverless:1", "impact" : "low" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "openshift-serverless-1/serving-queue-rhel8", "cpe" : "cpe:/a:redhat:serverless:1", "impact" : "low" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-cni-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-operator-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "acm-governance-policy-framework-addon-container/acm-governance-policy-framework-addon-container", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "acm-multicluster-globalhub-agent-container/acm-multicluster-globalhub-agent-container", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "acm-search-v2-operator-container/acm-search-v2-operator-container", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/acm-cluster-proxy-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/acm-governance-policy-addon-controller-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/acm-grafana-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/acm-search-indexer-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/acm-volsync-addon-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/cert-policy-controller-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/config-policy-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/governance-policy-propagator-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/governance-policy-spec-sync-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/governance-policy-status-sync-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/governance-policy-template-sync-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/iam-policy-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multiclusterhub-repo-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multiclusterhub-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-application-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-channel-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-subscription-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/rbac-query-proxy-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/search-aggregator-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/search-collector-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/search-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Not affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/bare-metal-event-relay-operator-bundle", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/bare-metal-event-relay-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/cnf-tests-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/kubernetes-nmstate-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/metallb-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/oc-mirror-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-agent-installer-api-server-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-agent-installer-csr-approver-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-alibaba-cloud-controller-manager-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-aws-cluster-api-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-azure-cluster-api-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-cluster-capi-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-cluster-node-tuning-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-cluster-platform-operators-manager-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-docker-builder", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-gcp-cluster-api-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-gcp-filestore-csi-driver-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-grafana", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-hypershift-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-local-storage-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-machine-api-provider-openstack-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-metering-ansible-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-metering-helm-container-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-olm-rukpak-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-openshift-apiserver-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-openshift-controller-manager-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-operator-marketplace", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-operator-sdk-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-ptp", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-ptp-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-sriov-network-webhook", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-vsphere-cluster-api-controllers-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ptp-must-gather-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/special-resource-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4-wincw/windows-machine-config-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ztp-site-generate-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-compliance-openscap-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-security-profiles-operator-container/openshift-security-profiles-operator-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-tech-preview/metallb-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "ose-ingress-node-firewall-container/ose-ingress-node-firewall-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "poison-pill-container/poison-pill-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "redhat/redhat-operator-index", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform Assisted Installer 1", "fix_state" : "Affected", "package_name" : "rhai-tech-preview/assisted-installer-agent-rhel8", "cpe" : "cpe:/a:redhat:assisted_installer:1" }, { "product_name" : "Red Hat OpenShift Container Platform Assisted Installer 1", "fix_state" : "Affected", "package_name" : "rhai-tech-preview/assisted-installer-rhel8", "cpe" : "cpe:/a:redhat:assisted_installer:1" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Affected", "package_name" : "ocs4/mcg-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Not affected", "package_name" : "ocs4/ocs-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Not affected", "package_name" : "ocs4/rook-ceph-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/ocs-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-csi-addons-sidecar-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-lvm-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/odf-multicluster-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/odf-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odr-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/rook-ceph-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/traefik-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat Openshift Sandboxed Containers", "fix_state" : "Affected", "package_name" : "openshift-sandboxed-containers/osc-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_sandboxed_containers:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/cluster-network-addons-operator", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubernetes-nmstate-handler-rhel8", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-bridge-operator-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Self Node Remediation Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/self-node-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_snr:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-4238\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4238\nhttps://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1\nhttps://github.com/advisories/GHSA-3839-6r69-m497\nhttps://pkg.go.dev/vuln/GO-2022-0411" ], "name" : "CVE-2021-4238", "csaw" : false }