{ "threat_severity" : "Moderate", "public_date" : "2023-08-02T00:00:00Z", "bugzilla" : { "description" : "golang.org/x/net/html: Cross site scripting", "id" : "2228689", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2228689" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", "A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials." ], "affected_release" : [ { "product_name" : "Cryostat 2 on RHEL 8", "release_date" : "2023-10-23T00:00:00Z", "advisory" : "RHSA-2023:6031", "cpe" : "cpe:/a:redhat:cryostat:2::el8", "package" : "cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11" }, { "product_name" : "Migration Toolkit for Virtualization 2.4", "release_date" : "2023-10-25T00:00:00Z", "advisory" : "RHBA-2023:6109", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2.4::el8", "package" : "migration-toolkit-virtualization/mtv-rhel8-operator:2.4.3-3" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:6938", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8090020230828093056.e7857ab1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:6939", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8090020230825121312.e7857ab1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6474", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "podman-2:4.6.1-5.el9" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-controller-rhel8:v1.7.13-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-hook-runner-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-legacy-rhel8-operator:v1.7.13-6" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-log-reader-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-must-gather-rhel8:v1.7.13-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-openvpn-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-operator-bundle:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-registry-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-rhel8-operator:v1.7.13-6" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.7.13-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.7.13-2" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.7.13-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-velero-rhel8:v1.7.13-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2023-10-19T00:00:00Z", "advisory" : "RHSA-2023:5888", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.7.13-3" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-01-31T00:00:00Z", "advisory" : "RHSA-2024:0485", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-machine-api-operator:v4.12.0-202401190520.p0.g04504fb.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.14.0-202310201027.p0.g2e2e277.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-azure-disk-csi-driver-rhel8:v4.14.0-202310201027.p0.gb19eec1.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-azure-file-csi-driver-rhel8:v4.14.0-202310201027.p0.gf401f53.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-baremetal-machine-controllers:v4.14.0-202310201027.p0.g412acb3.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-cluster-network-operator:v4.14.0-202310201027.p0.g5572bce.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-cluster-node-tuning-operator:v4.14.0-202310201027.p0.ga91f994.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-machine-api-provider-gcp-rhel8:v4.14.0-202310201027.p0.ga676e6b.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202310201027.p0.ge9694ce.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5006", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.14.0-202310201027.p0.ga5ed57f.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5007", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.14.0-202310201027.p0.g66925fd.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5007", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5007", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5007", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-10-31T00:00:00Z", "advisory" : "RHSA-2023:5009", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-clients-0:4.14.0-202310191146.p0.g0c63f9d.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:6837", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.14.0-202311021650.p0.g7ad2773.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:6837", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-machine-api-provider-aws-rhel8:v4.14.0-202311021650.p0.ge292817.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:6837", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-machine-api-provider-azure-rhel8:v4.14.0-202311021650.p0.gb6ab233.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:6837", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.14.0-202311021650.p0.g72e998c.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-21T00:00:00Z", "advisory" : "RHSA-2023:7315", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.14.0-202311080350.p0.gd99fb31.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2023-11-21T00:00:00Z", "advisory" : "RHSA-2023:7315", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-machine-api-operator:v4.14.0-202311130809.p0.ge8e6a66.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-28T00:00:00Z", "advisory" : "RHSA-2024:0944", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "podman-3:4.4.1-11.2.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-12-05T00:00:00Z", "advisory" : "RHSA-2024:10523", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.14.0-202411261536.p0.g8aa09cd.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-12-05T00:00:00Z", "advisory" : "RHSA-2024:10523", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-nutanix-machine-controllers-rhel8:v4.14.0-202411261536.p0.g8acc076.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1891", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-kubevirt-cloud-controller-manager-rhel8:v4.14.0-202404161544.p0.g7d96f56.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7197", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-sriov-network-webhook-rhel9:v4.15.0-202401261531.p0.g00e0317.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-alibaba-cloud-controller-manager-rhel9:v4.15.0-202401261531.p0.gabf4fa9.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-aws-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g3e23a96.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-azure-cloud-node-manager-rhel9:v4.15.0-202401261531.p0.g5beac87.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-azure-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g84ef752.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-cluster-api-rhel9:v4.15.0-202401261531.p0.gdb1841a.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-cluster-capi-rhel9-operator:v4.15.0-202402020339.p0.g6a24e09.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-cluster-control-plane-machine-set-rhel9-operator:v4.15.0-202401261531.p0.gd3e0fe7.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-cluster-kube-cluster-api-rhel9-operator:v4.15.0-202402141438.p0.g128d8e0.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-gcp-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g8a32c37.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-ibmcloud-machine-controllers-rhel9:v4.15.0-202401261531.p0.g6b0b8ea.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-machine-api-provider-aws-rhel9:v4.15.0-202401261531.p0.g0129b1e.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-machine-api-provider-azure-rhel9:v4.15.0-202402070237.p0.g34e8ac0.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-machine-api-provider-gcp-rhel9:v4.15.0-202401261531.p0.gb15daaf.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-machine-api-rhel9-operator:v4.15.0-202402020339.p0.ge2b4537.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-vsphere-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.gb21c0ba.assembly.stream" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:7216", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.4.5-2" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2023-11-08T00:00:00Z", "advisory" : "RHSA-2023:6832", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/ocs-rhel9-operator:v4.14.0-67" } ], "package_state" : [ { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "jetstack-cert-manager-container", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch-proxy-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/elasticsearch-rhel8-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/lokistack-gateway-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Affected", "package_name" : "lvms4/lvms-rhel9-operator", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "OpenShift API for Data Protection", "fix_state" : "Will not fix", "package_name" : "oadp/oadp-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1" }, { "product_name" : "OpenShift API for Data Protection", "fix_state" : "Will not fix", "package_name" : "oadp/oadp-velero-rhel8", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Fix deferred", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/subctl-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Out of support scope", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Certification for Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "redhat-certification-cnf", "cpe" : "cpe:/a:redhat:certifications:1::el8" }, { "product_name" : "Red Hat Certification Program for Red Hat Enterprise Linux 9", "fix_state" : "Out of support scope", "package_name" : "redhat-certification-cnf", "cpe" : "cpe:/a:redhat:certifications:9" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "ansible-service-broker", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "atomic-enterprise-service-catalog", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "atomic-openshift", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "atomic-openshift-descheduler", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "atomic-openshift-service-idler", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "atomic-openshift-web-console", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "golang-github-openshift-oauth-proxy", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "openshift-enterprise-cluster-capacity", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "atomic-openshift-service-idler", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-tools", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "microshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/cnf-tests-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ingress-node-firewall", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/kubernetes-nmstate-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/metallb-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/metallb-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-agent-installer-api-server-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-agent-installer-csr-approver-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-agent-installer-node-agent-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-alibaba-machine-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cloud-event-proxy", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-csi-driver-manila-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-csi-driver-nfs-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-hypershift-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-ibmcloud-cluster-api-controllers-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-installer", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-libvirt-machine-controllers-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-machine-api-provider-openstack-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-multus-cni", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-network-metrics-daemon-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-node-feature-discovery-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-oauth-proxy", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-openshift-apiserver-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-openstack-machine-controllers", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-operator-sdk-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-ovirt-machine-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-powervs-machine-controllers-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-ptp-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-tests", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ztp-site-generate-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-compliance-openscap-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-selinuxd-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform Assisted Installer 1", "fix_state" : "Not affected", "package_name" : "rhai-tech-preview/assisted-installer-agent-rhel8", "cpe" : "cpe:/a:redhat:assisted_installer:1" }, { "product_name" : "Red Hat OpenShift Container Platform Assisted Installer 1", "fix_state" : "Not affected", "package_name" : "rhai-tech-preview/assisted-installer-rhel8", "cpe" : "cpe:/a:redhat:assisted_installer:1" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Out of support scope", "package_name" : "ocs4/ocs-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/odf-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-data-science-pipelines-operator-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-modelmesh-serving-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/devspaces-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Will not fix", "package_name" : "devspaces/udi-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Will not fix", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "rhoso-operators/rabbitmq-cluster-rhel9-operator", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Self Node Remediation Operator", "fix_state" : "Affected", "package_name" : "workload-availability/self-node-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_snr:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-3978\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3978\nhttps://go.dev/cl/514896\nhttps://go.dev/issue/61615\nhttps://pkg.go.dev/vuln/GO-2023-1988" ], "name" : "CVE-2023-3978", "csaw" : false }