{ "threat_severity" : "Moderate", "public_date" : "2022-03-15T00:00:00Z", "bugzilla" : { "description" : "golang: crash in a golang.org/x/crypto/ssh server", "id" : "2064702", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-327", "details" : [ "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.", "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability." ], "statement" : "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", "affected_release" : [ { "product_name" : "OADP-1.1-RHEL-8", "release_date" : "2022-11-28T00:00:00Z", "advisory" : "RHSA-2022:8634", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package" : "oadp/oadp-velero-rhel8:1.1.1-20" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2022-12-12T00:00:00Z", "advisory" : "RHSA-2022:8932", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.5.0-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7457", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8070020220929222448.39077419" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7469", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8070020220830101436.39077419" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:7954", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "podman-2:4.2.0-3.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8008", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "buildah-1:1.27.0-2.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5068", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "cri-o-0:1.24.1-11.rhaos4.11.gitb0d2ef3.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:5069", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2022-12-15T00:00:00Z", "advisory" : "RHSA-2022:8893", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-installer:v4.11.0-202212070956.p0.g7e60d78.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-01-04T00:00:00Z", "advisory" : "RHSA-2022:9107", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-baremetal-installer-rhel8:v4.11.0-202212202214.p0.gd3fb15a.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-01-04T00:00:00Z", "advisory" : "RHSA-2022:9107", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4/ose-installer-artifacts:v4.11.0-202212202214.p0.gd3fb15a.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.11", "release_date" : "2023-08-07T00:00:00Z", "advisory" : "RHSA-2023:4488", "cpe" : "cpe:/a:redhat:openshift:4.11::el8", "package" : "openshift4-wincw/windows-machine-config-rhel8-operator:6.0.1-38" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-01-17T00:00:00Z", "advisory" : "RHSA-2022:7401", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-node-feature-discovery:v4.12.0-202301042354.p0.g5e2696b.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2023-01-30T00:00:00Z", "advisory" : "RHSA-2022:9096", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4-wincw/windows-machine-config-rhel8-operator:7.0.0-22" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2023-05-18T00:00:00Z", "advisory" : "RHSA-2023:1325", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift-clients-0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2023-05-17T00:00:00Z", "advisory" : "RHSA-2023:1326", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2023-06-07T00:00:00Z", "advisory" : "RHSA-2023:3366", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift-clients-0:4.13.0-202305291355.p0.g1024efc.assembly.stream.el8" }, { "product_name" : "RHACS-4.1-RHEL-8", "release_date" : "2023-06-29T00:00:00Z", "advisory" : "RHSA-2023:3943", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.1.0-13" }, { "product_name" : "RHEL-7-CNV-4.11", "release_date" : "2022-09-15T00:00:00Z", "advisory" : "RHSA-2022:6527", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.11::el7", "package" : "kubevirt-0:4.11.0-643.el7" }, { "product_name" : "RHEL-8-CNV-4.11", "release_date" : "2022-09-15T00:00:00Z", "advisory" : "RHSA-2022:6527", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.11::el8", "package" : "kubevirt-0:4.11.0-643.el8" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.5.0-3" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/func-utils-rhel8:1.26.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.26.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.26.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.5.0-4" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.26.0-5" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.26.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.5.0-2" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.26.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.5.0-1" }, { "product_name" : "RHOSS-1.26-RHEL-8", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8938", "cpe" : "cpe:/a:redhat:openshift_serverless:1.26::el8", "package" : "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.26.0-5" } ], "package_state" : [ { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "cpma", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "rhmtc/openshift-migration-controller-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "rhmtc/openshift-migration-velero-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Will not fix", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Service Mesh 2.0", "fix_state" : "Affected", "package_name" : "servicemesh", "cpe" : "cpe:/a:redhat:service_mesh:2.0" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/agent-service-rhel8", "cpe" : "cpe:/a:redhat:acm:2", "impact" : "low" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-subscription-release-rhel8", "cpe" : "cpe:/a:redhat:acm:2", "impact" : "low" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-subscription-rhel8", "cpe" : "cpe:/a:redhat:acm:2", "impact" : "low" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/openshift-hive-rhel8", "cpe" : "cpe:/a:redhat:acm:2", "impact" : "low" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/volsync-mover-rclone-rhel8", "cpe" : "cpe:/a:redhat:acm:2", "impact" : "low" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/volsync-mover-restic-rhel8", "cpe" : "cpe:/a:redhat:acm:2", "impact" : "low" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-docs-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:3.0/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "atomic-openshift", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "atomic-enterprise-service-catalog", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-aws-efs-csi-driver-container-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-azure-machine-controllers", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-hello-openshift-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-hyperkube", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-hypershift-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-local-storage-static-provisioner", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-node-problem-detector-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-tests", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-vsphere-csi-driver-syncer-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Out of support scope", "package_name" : "ocs4/cephcsi-rhel8", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Will not fix", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/applicationset-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/kam-delivery-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-kam", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Will not fix", "package_name" : "cluster-network-addons-operator-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Will not fix", "package_name" : "hyperconverged-cluster-operator-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Will not fix", "package_name" : "kubemacpool-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Will not fix", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 2", "fix_state" : "Will not fix", "package_name" : "virt-launcher-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:2" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/cluster-network-addons-operator", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/hyperconverged-cluster-webhook-rhel8", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/libguestfs-tools", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/virt-launcher", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Will not fix", "package_name" : "quay/quay-bridge-operator-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Will not fix", "package_name" : "quay/quay-builder-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Will not fix", "package_name" : "quay/quay-container-security-operator-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Will not fix", "package_name" : "quay/quay-operator-rhel8", "cpe" : "cpe:/a:redhat:quay:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-27191\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27191\nhttps://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" ], "name" : "CVE-2022-27191", "csaw" : false }