{ "threat_severity" : "Important", "public_date" : "2023-12-24T00:00:00Z", "bugzilla" : { "description" : "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients", "id" : "2258165", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258165" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.\nApplications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.\nThis is a go-git implementation issue and does not affect the upstream git cli.", "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients." ], "statement" : "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.", "affected_release" : [ { "product_name" : "multicluster-globalhub 1.0 for RHEL 8", "release_date" : "2024-02-26T00:00:00Z", "advisory" : "RHSA-2024:0989", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.0::el8", "package" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-operator-bundle:v1.0.1-11" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2024-02-20T00:00:00Z", "advisory" : "RHSA-2024:0880", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.10.0-6.el8" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date" : "2024-01-18T00:00:00Z", "advisory" : "RHSA-2024:0298", "cpe" : "cpe:/a:redhat:acm:2.9::el8", "package" : "rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.4.0-9" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.4.0-17" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.4.0-9" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.4.0-9" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.0-11" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.0-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.4.0-11" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1570", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.0-11" }, { "product_name" : "Red Hat Ceph Storage 7.1", "release_date" : "2024-06-14T00:00:00Z", "advisory" : "RHSA-2024:3925", "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8", "package" : "ceph-2:18.2.1-194.el8cp" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0832", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0832", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0832", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0833", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0833", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-03-06T00:00:00Z", "advisory" : "RHSA-2024:1052", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-25T00:00:00Z", "advisory" : "RHSA-2024:1896", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0740", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0740", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0740", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0741", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0845", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0845", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-05-02T00:00:00Z", "advisory" : "RHSA-2024:2047", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0641", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0641", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0641", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0735", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1891", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-06-26T00:00:00Z", "advisory" : "RHSA-2024:4010", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-tools-rhel8:v4.14.0-202406180839.p0.gaa6e2f2.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-06-18T00:00:00Z", "advisory" : "RHSA-2024:3889", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-tools-rhel8:v4.15.0-202406101406.p0.g44edfb5.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-25T00:00:00Z", "advisory" : "RHSA-2024:1887", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/oc-mirror-plugin-rhel9:v4.15.0-202404161612.p0.g85c8f6f.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/argocd-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/console-plugin-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/dex-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/gitops-operator-bundle:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/gitops-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/must-gather-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/argocd-rhel8:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/argo-rollouts-rhel8:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/console-plugin-rhel8:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/dex-rhel8:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/gitops-operator-bundle:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/gitops-rhel8:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.9.4-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.9", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0691", "cpe" : "cpe:/a:redhat:openshift_gitops:1.9::el9", "package" : "openshift-gitops-1/must-gather-rhel8:v1.9.4-1" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.10.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/func-utils-rhel8:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.31.1-1" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4" } ], "package_state" : [ { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Will not fix", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "hub-of-hubs-gitops", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "multicluster-engine", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "multicluster-engine-assisted-installer-reporter", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "multicluster-engine-assisted-service", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "multicluster-globalhub-grafana", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/cluster-curator-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/clusterlifecycle-state-metrics-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multiclusterhub-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-application-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-channel-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-subscription-release-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/openshift-hive-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/search-collector-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/submariner-rhel8-operator", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-slim-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Ceph Storage 6", "fix_state" : "Affected", "package_name" : "rhceph/rhceph-6-dashboard-rhel9", "cpe" : "cpe:/a:redhat:ceph_storage:6" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cli", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cli-artifacts", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cli-artifacts-alt-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-deployer-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Under investigation", "package_name" : "openshift4/ose-ovn-kubernetes-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-csi-addons-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-csi-addons-sidecar-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odr-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-api-server-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-artifact-manager-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-cache-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-persistenceagent-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-scheduledworkflow-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-viewercontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/devspaces-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/cluster-network-addons-operator", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/cluster-network-addons-operator-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "osp-director-provisioner-container", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-downloader", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-49568\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49568\nhttps://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r" ], "name" : "CVE-2023-49568", "mitigation" : { "value" : "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.", "lang" : "en:us" }, "csaw" : false }