{ "threat_severity" : "Important", "public_date" : "2022-06-08T00:00:00Z", "bugzilla" : { "description" : "go-restful: Authorization Bypass Through User-Controlled Key", "id" : "2094982", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2094982" }, "cvss3" : { "cvss3_base_score" : "9.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-639", "details" : [ "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users." ], "statement" : "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as 'Will not fix' or even \"Not affected\".", "affected_release" : [ { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0814", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.2.0-14" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0814", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-operator-bundle:2.2.1-8" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0814", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-reports-rhel8:1.1.1-9" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0814", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-rhel8:2.2.1-8" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0814", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-rhel8-operator:2.2.1-11" }, { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-02-20T00:00:00Z", "advisory" : "RHSA-2023:0814", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/jfr-datasource-rhel8:2.2.0-14" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.3.1-4" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6042", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.3.1-4.el8" }, { "product_name" : "Red Hat OpenShift GitOps 1.8", "release_date" : "2023-05-18T00:00:00Z", "advisory" : "RHSA-2023:3229", "cpe" : "cpe:/a:redhat:openshift_gitops:1.8::el8", "package" : "openshift-gitops-kam-0:1.8.3-6.el8" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2023-06-09T00:00:00Z", "advisory" : "RHSA-2023:3557", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-kam-0:1.9.0-102.el8" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-api:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-artifacts-server:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-controller:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-handler:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-launcher:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.10", "release_date" : "2022-09-06T00:00:00Z", "advisory" : "RHSA-2022:6351", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.10::el8", "package" : "container-native-virtualization/virt-operator:v4.10.5-3" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/cluster-network-addons-operator:v4.9.7-4" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/hostpath-provisioner-rhel8:v4.9.7-3" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/hostpath-provisioner-rhel8-operator:v4.9.7-4" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/hyperconverged-cluster-webhook-rhel8:v4.9.7-4" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/kubemacpool:v4.9.7-4" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/kubevirt-ssp-operator:v4.9.7-4" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/kubevirt-vmware:v4.9.7-2" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/libguestfs-tools:v4.9.7-5" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/node-maintenance-operator:v4.9.7-4" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/virt-cdi-cloner:v4.9.7-3" }, { "product_name" : "RHEL-8-CNV-4.9", "release_date" : "2022-11-22T00:00:00Z", "advisory" : "RHSA-2022:8609", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.9::el8", "package" : "container-native-virtualization/vm-import-virtv2v-rhel8:v4.9.7-4" } ], "package_state" : [ { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Will not fix", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Not affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "CLI", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "knative-eventing", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2.0", "fix_state" : "Not affected", "package_name" : "servicemesh", "cpe" : "cpe:/a:redhat:service_mesh:2.0" }, { "product_name" : "OpenShift Service Mesh 2.1", "fix_state" : "Not affected", "package_name" : "servicemesh", "cpe" : "cpe:/a:redhat:service_mesh:2.1" }, { "product_name" : "OpenShift Service Mesh 2.1", "fix_state" : "Not affected", "package_name" : "servicemesh-prometheus", "cpe" : "cpe:/a:redhat:service_mesh:2.1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-rhel7-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Will not fix", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Will not fix", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "ansible-service-broker", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-enterprise-service-catalog", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-openshift", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-openshift-descheduler", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-openshift-dockerregistry", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-openshift-service-idler", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "atomic-openshift-web-console", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "golang-github-openshift-oauth-proxy", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "openshift-enterprise-cluster-capacity", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "atomic-enterprise-service-catalog", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "atomic-openshift-service-idler", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "machine-config-daemon", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Will not fix", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Will not fix", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-1996\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1996" ], "name" : "CVE-2022-1996", "csaw" : false }