{ "threat_severity" : "Moderate", "public_date" : "2022-07-12T00:00:00Z", "bugzilla" : { "description" : "golang: io/fs: stack exhaustion in Glob", "id" : "2107371", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1325", "details" : [ "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.", "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability." ], "statement" : "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.", "affected_release" : [ { "product_name" : "Application Interconnect 1 for RHEL 8", "release_date" : "2022-08-18T00:00:00Z", "advisory" : "RHSA-2022:6113", "cpe" : "cpe:/a:redhat:application_interconnect:1::el8", "package" : "skupper-cli-0:1.0.2-2.el8" }, { "product_name" : "Node Maintenance Operator 4.11 for RHEL 8", "release_date" : "2022-08-25T00:00:00Z", "advisory" : "RHSA-2022:6188", "cpe" : "cpe:/a:redhat:workload_availability_nmo:4.11::el8", "package" : "workload-availability/node-maintenance-rhel8-operator:v4.11.1-1" }, { "product_name" : "OADP-1.0-RHEL-8", "release_date" : "2022-09-13T00:00:00Z", "advisory" : "RHSA-2022:6430", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1.0::el8", "package" : "oadp/oadp-velero-rhel8:1.0.4-6" }, { "product_name" : "OpenShift Custom Metrics Autoscaler 2", "release_date" : "2023-03-06T00:00:00Z", "advisory" : "RHSA-2023:1042", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package" : "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143", "impact" : "low" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.3.1-4" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6042", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.3.1-4.el8" }, { "product_name" : "OSSO-1.1-RHEL-8", "release_date" : "2022-09-01T00:00:00Z", "advisory" : "RHSA-2022:6152", "cpe" : "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8", "package" : "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-11" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2023-06-15T00:00:00Z", "advisory" : "RHSA-2023:3642", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-6-dashboard-rhel9:6-75" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2022-08-02T00:00:00Z", "advisory" : "RHSA-2022:5866", "cpe" : "cpe:/a:redhat:devtools:2022", "package" : "go-toolset-1.17-golang-0:1.17.12-1.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5775", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "go-toolset:rhel8-8060020220720230014.97d7f71f" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-10-25T00:00:00Z", "advisory" : "RHSA-2022:7129", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "git-lfs-0:2.13.3-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7519", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-0:7.5.15-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7529", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:3.0-8070020220802115906.39077419" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7648", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-pcp-0:3.2.0-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2758", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8080020230321153727.0f77c1b7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2802", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8080020230217080101.8108cfbc" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5799", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.17.12-1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8057", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:7.5.15-3.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8098", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "toolbox-0:0.0.99.3-5.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8250", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-pcp-0:3.2.0-3.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2357", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "git-lfs-0:3.2.0-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2180", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "runc-4:1.1.12-2.el9" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2022-12-15T00:00:00Z", "advisory" : "RHSA-2022:9047", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.7.6-5" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.2.2-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/istio-rhel8-operator:2.2.2-8" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/pilot-rhel8:2.2.2-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/prometheus-rhel8:2.2.2-4" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/proxyv2-rhel8:2.2.2-8" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/ratelimit-rhel8:2.2.2-4" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "release_date" : "2023-03-15T00:00:00Z", "advisory" : "RHSA-2023:1275", "cpe" : "cpe:/a:redhat:openstack:16.1::el8", "package" : "etcd-0:3.3.23-12.el8ost" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-03-15T00:00:00Z", "advisory" : "RHSA-2023:1275", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "etcd-0:3.3.23-12.el8ost" }, { "product_name" : "RHEL-7-CNV-4.12", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0407", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el7", "package" : "kubevirt-0:4.12.0-1057.el7" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0407", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "kubevirt-0:4.12.0-1057.el8" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-api:v4.12.0-255" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-03-30T00:00:00Z", "advisory" : "RHSA-2023:1529", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/sg-core-rhel8:5.1.1-2" } ], "package_state" : [ { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-controller-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "mirror registry for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "mirror-registry-container", "cpe" : "cpe:/a:redhat:mirror_registry:1" }, { "product_name" : "Node Maintenance Operator", "fix_state" : "Affected", "package_name" : "workload-availability/node-maintenance-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nmo:5" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-operator-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/work-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "receptor", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Application Interconnect 1.0", "fix_state" : "Will not fix", "package_name" : "skupper-router", "cpe" : "cpe:/a:redhat:application_interconnect:1" }, { "product_name" : "Red Hat Ceph Storage 3", "fix_state" : "Out of support scope", "package_name" : "golang", "cpe" : "cpe:/a:redhat:ceph_storage:3" }, { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Affected", "package_name" : "rhceph/rhceph-5-dashboard-rhel8", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "go-toolset", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift distributed tracing 2", "fix_state" : "Affected", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:2" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-kam", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat Openshift Sandboxed Containers", "fix_state" : "Out of support scope", "package_name" : "openshift-sandboxed-containers/osc-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_sandboxed_containers:1" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "golang-qpid-apache", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/clair-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-git227-git-lfs", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "go-toolset-7-golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Out of support scope", "package_name" : "heketi", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "web-terminal-exec-container", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Service Telemetry Framework 1.4 for RHEL 8", "fix_state" : "Will not fix", "package_name" : "stf/sg-core-rhel8", "cpe" : "cpe:/a:redhat:stf:1.4::el8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-30630\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-30630\nhttps://go.dev/issue/53415\nhttps://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" ], "name" : "CVE-2022-30630", "csaw" : false }