{ "threat_severity" : "Moderate", "public_date" : "2023-07-11T00:00:00Z", "bugzilla" : { "description" : "golang: net/http: insufficient sanitization of Host header", "id" : "2222167", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2222167" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-113", "details" : [ "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking." ], "affected_release" : [ { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-10-23T00:00:00Z", "advisory" : "RHSA-2023:6031", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11" }, { "product_name" : "MTA-6.2-RHEL-8", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:1027", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "package" : "mta/mta-rhel8-operator:6.2.2-3" }, { "product_name" : "MTA-6.2-RHEL-9", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:1027", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package" : "mta/mta-hub-rhel9:6.2.2-2" }, { "product_name" : "MTA-6.2-RHEL-9", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:1027", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package" : "mta/mta-operator-bundle:6.2.2-5" }, { "product_name" : "MTA-6.2-RHEL-9", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:1027", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package" : "mta/mta-pathfinder-rhel9:6.2.2-2" }, { "product_name" : "MTA-6.2-RHEL-9", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:1027", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package" : "mta/mta-ui-rhel9:6.2.2-2" }, { "product_name" : "MTA-6.2-RHEL-9", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:1027", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package" : "mta/mta-windup-addon-rhel9:6.2.2-3" }, { "product_name" : "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5974", "cpe" : "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package" : "network-observability/network-observability-rhel9-operator:v1.4.0-51" }, { "product_name" : "OADP-1.1-RHEL-8", "release_date" : "2023-10-25T00:00:00Z", "advisory" : "RHSA-2023:6115", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package" : "oadp/oadp-velero-rhel8:1.1.7-6" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2023-11-03T00:00:00Z", "advisory" : "RHSA-2023:6298", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.9.2-4.el8" }, { "product_name" : "OSSO-1.1-RHEL-8", "release_date" : "2023-10-26T00:00:00Z", "advisory" : "RHSA-2023:5933", "cpe" : "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8", "package" : "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.4.0-17" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHBA-2024:3053", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "git-lfs-0:3.4.1-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-10-16T00:00:00Z", "advisory" : "RHSA-2023:5721", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "go-toolset:rhel8-8080020231013004859.6b4b45d8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:6938", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8090020230828093056.e7857ab1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:6939", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8090020230825121312.e7857ab1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7202", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8090020231009143402.d7b6f4b7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHBA-2024:2274", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "git-lfs-0:3.4.1-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-10-16T00:00:00Z", "advisory" : "RHSA-2023:5738", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.19.13-1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6346", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "toolbox-0:0.0.99.4-6.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6363", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "skopeo-2:1.13.3-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6402", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "containernetworking-plugins-1:1.3.0-4.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6473", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "buildah-1:1.31.3-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6474", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "podman-2:4.6.1-5.el9" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-30T00:00:00Z", "advisory" : "RHSA-2023:6161", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:6840", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-01-23T00:00:00Z", "advisory" : "RHSA-2024:0293", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.9.2-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/func-utils-rhel8:1.30.2-2" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.30.2-3" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.30.2-3" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.9.0-5" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.30.2-2" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.30.2-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9" }, { "product_name" : "Red Hat OpenShift Serverless 1.30", "release_date" : "2023-11-02T00:00:00Z", "advisory" : "RHSA-2023:6296", "cpe" : "cpe:/a:redhat:openshift_serverless:1.30::el8", "package" : "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5935", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "rhosp-rhel8/osp-director-agent:1.3.0-10" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5935", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "rhosp-rhel8/osp-director-downloader:1.3.0-11" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5935", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "rhosp-rhel8/osp-director-operator:1.3.0-9" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5935", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "rhosp-rhel8/osp-director-operator-bundle:1.3.0-19" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5965", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "etcd-0:3.3.23-15.el8ost" }, { "product_name" : "Red Hat Satellite 6.14 for RHEL 8", "release_date" : "2023-11-08T00:00:00Z", "advisory" : "RHSA-2023:6818", "cpe" : "cpe:/a:redhat:satellite:6.14::el8", "package" : "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/cephcsi-rhel9:v4.15.0-37" }, { "product_name" : "RHOL-5.6-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5541", "cpe" : "cpe:/a:redhat:logging:5.6::el8", "package" : "openshift-logging/logging-loki-rhel8:v2.9.2-2" }, { "product_name" : "RHOL-5.7-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5530", "cpe" : "cpe:/a:redhat:logging:5.7::el8", "package" : "openshift-logging/logging-loki-rhel8:v2.9.2-1" }, { "product_name" : "RODOO-1.0-RHEL-8", "release_date" : "2023-10-26T00:00:00Z", "advisory" : "RHSA-2023:5947", "cpe" : "cpe:/a:redhat:run_once_duration_override_operator:1.0::el8", "package" : "run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/prometheus-webhook-snmp-rhel8:1.5.2-8" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/service-telemetry-operator-bundle:1.5.1697612918-1" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/service-telemetry-rhel8-operator:1.5.1-8" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/sg-bridge-rhel8:1.5.0-18" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/sg-core-rhel8:5.1.1-8" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/smart-gateway-operator-bundle:5.0.1697612918-1" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-10-20T00:00:00Z", "advisory" : "RHSA-2023:5976", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/smart-gateway-rhel8-operator:5.0.1-9" } ], "package_state" : [ { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "cert-manager/cert-manager-operator-rhel9", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Not affected", "package_name" : "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-rhv-populator-rhel8", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/node-healthcheck-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node Maintenance Operator", "fix_state" : "Affected", "package_name" : "workload-availability/node-maintenance-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nmo:5" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "ocp-tools-4/jenkins-rhel8", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-operator-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/prometheus-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "receptor", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Application Interconnect 1.0", "fix_state" : "Affected", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:application_interconnect:1" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "integration-service-registry-operator-container", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Ceph Storage 3", "fix_state" : "Will not fix", "package_name" : "golang", "cpe" : "cpe:/a:redhat:ceph_storage:3" }, { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Affected", "package_name" : "rhceph/rhceph-5-dashboard-rhel8", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "buildah", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-tools", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "microshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "skopeo", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-mm-rest-proxy-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/udi-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 2", "fix_state" : "Affected", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:2" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-kam", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.0", "fix_state" : "Will not fix", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:17.0" }, { "product_name" : "Red Hat OpenStack Platform 17.0", "fix_state" : "Out of support scope", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:17.0" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Will not fix", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Will not fix", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Affected", "package_name" : "rhoso-operators/rabbitmq-cluster-rhel9-operator", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "go-toolset-7-golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Fix deferred", "package_name" : "web-terminal/web-terminal-rhel9-operator", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Self Node Remediation Operator", "fix_state" : "Affected", "package_name" : "workload-availability/self-node-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_snr:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-29406\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29406\nhttps://groups.google.com/g/golang-announce/c/2q13H6LEEx0" ], "name" : "CVE-2023-29406", "csaw" : false }