{ "threat_severity" : "Critical", "public_date" : "2024-01-09T00:00:00Z", "bugzilla" : { "description" : "go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients", "id" : "2258143", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258143" }, "cvss3" : { "cvss3_base_score" : "8.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-22", "details" : [ "A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\nApplications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS  or in-memory filesystems are not affected by this issue.\nThis is a go-git implementation issue and does not affect the upstream git cli.", "A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution." ], "statement" : "This problem only affects the go implementation and not the original git cli code. Applications using BoundOS or in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.\nIn OpenShift Container Platform (OCP) the vulnerable github.com/go-git/go-git/v5 Go package is used as a dependency in many components where the vulnerable function is not used, hence the impact by this vulnerability is reduced to Low.\nIn Openshift-Clients, the affected github.com/go-git/go-git/v5 is a transitive dependency and Openshift-Clients do not use the affected codebase of the go-git package. Hence, it is marked as Not Affected.", "affected_release" : [ { "product_name" : "Builds for Red Hat OpenShift", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6221", "cpe" : "cpe:/a:redhat:openshift_builds:1.1::el9", "package" : "openshift-builds-controller-container" }, { "product_name" : "multicluster-globalhub 1.0 for RHEL 8", "release_date" : "2024-02-26T00:00:00Z", "advisory" : "RHSA-2024:0989", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.0::el8", "package" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-operator-bundle:v1.0.1-11" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4" }, { "product_name" : "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date" : "2024-03-28T00:00:00Z", "advisory" : "RHSA-2024:1557", "cpe" : "cpe:/a:redhat:openshift_builds:1.0::el8", "package" : "openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2024-02-20T00:00:00Z", "advisory" : "RHSA-2024:0880", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.10.0-6.el8" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date" : "2024-01-18T00:00:00Z", "advisory" : "RHSA-2024:0298", "cpe" : "cpe:/a:redhat:acm:2.9::el8", "package" : "rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.3.6-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-collector-rhel8:4.3.6-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-collector-slim-rhel8:4.3.6-1" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.3.6-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-operator-bundle:4.3.6-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.3.6-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.3.6-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.3.6-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.3.6-1" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.3.6-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.3", "release_date" : "2024-03-27T00:00:00Z", "advisory" : "RHSA-2024:1549", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.3.6-3" }, { "product_name" : "Red Hat Ceph Storage 5.3", "release_date" : "2024-06-26T00:00:00Z", "advisory" : "RHSA-2024:4118", "cpe" : "cpe:/a:redhat:ceph_storage:5.3::el8", "package" : "ceph-2:16.2.10-266.el8cp" }, { "product_name" : "Red Hat Ceph Storage 5.3", "release_date" : "2024-06-26T00:00:00Z", "advisory" : "RHSA-2024:4118", "cpe" : "cpe:/a:redhat:ceph_storage:5.3::el8", "package" : "ceph-ansible-0:6.0.28.8-1.el8cp" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2024-05-01T00:00:00Z", "advisory" : "RHSA-2024:2633", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/keepalived-rhel9:2.2.8-11" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2024-05-01T00:00:00Z", "advisory" : "RHSA-2024:2633", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-6-dashboard-rhel9:6-90" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2024-05-01T00:00:00Z", "advisory" : "RHSA-2024:2633", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-6-rhel9:6-311" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2024-05-01T00:00:00Z", "advisory" : "RHSA-2024:2633", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-haproxy-rhel9:2.4.22-12" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2024-05-01T00:00:00Z", "advisory" : "RHSA-2024:2633", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-promtail-rhel9:v2.4.0-19" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2024-05-01T00:00:00Z", "advisory" : "RHSA-2024:2633", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/snmp-notifier-rhel9:1.2.1-57" }, { "product_name" : "Red Hat Ceph Storage 7.1", "release_date" : "2024-06-14T00:00:00Z", "advisory" : "RHSA-2024:3925", "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8", "package" : "ceph-2:18.2.1-194.el8cp" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0832", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0832", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0832", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0833", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0833", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-03-06T00:00:00Z", "advisory" : "RHSA-2024:1052", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-25T00:00:00Z", "advisory" : "RHSA-2024:1896", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0740", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0740", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0740", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-14T00:00:00Z", "advisory" : "RHSA-2024:0741", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0845", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-02-21T00:00:00Z", "advisory" : "RHSA-2024:0845", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-05-02T00:00:00Z", "advisory" : "RHSA-2024:2047", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0641", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0641", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0641", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-07T00:00:00Z", "advisory" : "RHSA-2024:0642", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0735", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1891", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7197", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-ansible-operator:v4.15.0-202402082307.p0.g08d08dd.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7197", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-helm-operator:v4.15.0-202402082307.p0.g08d08dd.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7197", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-operator-sdk-rhel8:v4.15.0-202402210637.p0.g08d08dd.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-olm-catalogd-rhel8:v4.15.0-202402082307.p0.gc1a9a8e.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-olm-operator-controller-rhel8:v4.15.0-202402082307.p0.ge290693.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-olm-rukpak-rhel8:v4.15.0-202402082307.p0.g36acf8d.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-operator-lifecycle-manager-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-02-27T00:00:00Z", "advisory" : "RHSA-2023:7198", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-operator-registry-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-10-31T00:00:00Z", "advisory" : "RHSA-2024:8425", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/oc-mirror-plugin-rhel9:v4.15.0-202410230304.p0.ge91f573.assembly.stream.el9", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0040", "cpe" : "cpe:/a:redhat:openshift:4.16::el8", "package" : "openshift4/ose-ansible-operator:v4.16.0-202406130637.p0.g4194617.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0040", "cpe" : "cpe:/a:redhat:openshift:4.16::el8", "package" : "openshift4/ose-helm-rhel9-operator:v4.16.0-202406131906.p0.g4194617.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0040", "cpe" : "cpe:/a:redhat:openshift:4.16::el8", "package" : "openshift4/ose-operator-sdk-rhel9:v4.16.0-202406131906.p0.g4194617.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0041", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/oc-mirror-plugin-rhel9:v4.16.0-202406131906.p0.g7c0889f.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0041", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-olm-catalogd-rhel9:v4.16.0-202406131906.p0.g79975a5.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0041", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-olm-operator-controller-rhel9:v4.16.0-202406131906.p0.g80b8649.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0041", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-olm-rukpak-rhel9:v4.16.0-202406131906.p0.g282cc84.assembly.stream.el9", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0041", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:0041", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-operator-registry-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/argocd-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/console-plugin-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/dex-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/gitops-operator-bundle:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/gitops-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2" }, { "product_name" : "Red Hat OpenShift GitOps 1.10", "release_date" : "2024-02-05T00:00:00Z", "advisory" : "RHSA-2024:0692", "cpe" : "cpe:/a:redhat:openshift_gitops:1.10::el8", "package" : "openshift-gitops-1/must-gather-rhel8:v1.10.2-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.10.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/func-utils-rhel8:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.31.1-1" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5" }, { "product_name" : "RHOSS-1.31-RHEL-8", "release_date" : "2024-02-15T00:00:00Z", "advisory" : "RHSA-2024:0843", "cpe" : "cpe:/a:redhat:openshift_serverless:1.31::el8", "package" : "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4" }, { "product_name" : "Builds for Red Hat OpenShift 1.1.0", "release_date" : "2024-08-05T00:00:00Z", "advisory" : "RHSA-2024:5013", "cpe" : "cpe:/a:redhat:openshift_builds:1.1::el9", "package" : "openshift-builds/openshift-builds-controller-rhel9:sha256:a911fd84b3d9bf2ec221660507f4f234ec1ecfc232e9a511a4bd18a2598783df" } ], "package_state" : [ { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Will not fix", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "hub-of-hubs-gitops", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "multicluster-engine", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "multicluster-engine-assisted-installer-reporter", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "multicluster-engine-assisted-service", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "multicluster-globalhub-grafana", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/cluster-curator-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/clusterlifecycle-state-metrics-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multiclusterhub-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-application-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-channel-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/multicluster-operators-subscription-release-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/openshift-hive-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/search-collector-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/submariner-rhel8-operator", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-slim-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cli", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cli-artifacts", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-cli-artifacts-alt-rhel8", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-deployer-rhel9", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-tools-rhel8", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-csi-addons-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-csi-addons-sidecar-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odr-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-api-server-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-artifact-manager-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-cache-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-persistenceagent-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-scheduledworkflow-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Will not fix", "package_name" : "rhods/odh-ml-pipelines-viewercontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/devspaces-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/cluster-network-addons-operator", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/cluster-network-addons-operator-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "osp-director-provisioner-container", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-downloader", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-49569\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49569\nhttps://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88" ], "name" : "CVE-2023-49569", "mitigation" : { "value" : "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers.", "lang" : "en:us" }, "csaw" : false }