{ "threat_severity" : "Moderate", "public_date" : "2025-02-24T22:22:22Z", "bugzilla" : { "description" : "go-jose: Go JOSE's Parsing Vulnerable to Denial of Service", "id" : "2347423", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347423" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.", "A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service." ], "affected_release" : [ { "product_name" : "OADP-1.4-RHEL-9", "release_date" : "2025-07-18T00:00:00Z", "advisory" : "RHSA-2025:11396", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1.4::el9", "package" : "oadp/oadp-mustgather-rhel9:1.4.5-34" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-collector-rhel8:4.6.4-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-collector-slim-rhel8:4.6.4-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.6.4-7" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-operator-bundle:4.6.4-7" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.6.4-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.6.4-4" }, { "product_name" : "Red Hat Advanced Cluster Security 4.6", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3439", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.6.4-6" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-collector-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.7.1-5" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-operator-bundle:4.7.1-3" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.7.1-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3438", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.7.1-3" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19566", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "osbuild-composer-0:134.1-3.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7459", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "buildah-2:1.39.4-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7462", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "podman-6:5.4.0-9.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7467", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "skopeo-2:1.18.1-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7479", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "opentelemetry-collector-0:0.107.0-9.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-11-04T00:00:00Z", "advisory" : "RHSA-2025:19594", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "osbuild-composer-0:132.2-3.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3335", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "opentelemetry-collector-0:0.107.0-8.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7389", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "buildah-2:1.39.4-1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7391", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "podman-5:5.4.0-9.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7397", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "skopeo-2:1.18.1-1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7407", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "opentelemetry-collector-0:0.107.0-8.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3593", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "opentelemetry-collector-0:0.107.0-7.el9_4" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3301", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-aws-pod-identity-webhook-rhel9:v4.16.0-202503170806.p0.g459c531.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3301", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-azure-workload-identity-webhook-rhel9:v4.16.0-202503210503.p0.ga754496.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3301", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-cloud-credential-rhel9-operator:v4.16.0-202503191806.p0.gaa7ad99.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3061", "cpe" : "cpe:/a:redhat:openshift:4.17::el8", "package" : "podman-5:5.2.2-4.rhaos4.17.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3061", "cpe" : "cpe:/a:redhat:openshift:4.17::el8", "package" : "skopeo-2:1.16.1-1.rhaos4.17.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3059", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-aws-pod-identity-webhook-rhel9:v4.17.0-202503142136.p0.g80efc4e.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3059", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-azure-workload-identity-webhook-rhel9:v4.17.0-202503181705.p0.g0e19a4f.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3059", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-cloud-credential-rhel9-operator:v4.17.0-202503182004.p0.g3ba961d.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:7669", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-operator-framework-tools-rhel9:v4.17.0-202505072107.p0.gb135c38.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:7669", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-operator-lifecycle-manager-rhel9:v4.17.0-202505072107.p0.gb135c38.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:7669", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-operator-registry-rhel9:v4.17.0-202505072107.p0.gb135c38.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-03-25T00:00:00Z", "advisory" : "RHSA-2025:3066", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-aws-pod-identity-webhook-rhel9:v4.18.0-202503130333.p0.gf54f9a1.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-03-25T00:00:00Z", "advisory" : "RHSA-2025:3066", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-azure-workload-identity-webhook-rhel9:v4.18.0-202503172004.p0.gd1dc8ab.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-03-25T00:00:00Z", "advisory" : "RHSA-2025:3066", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-cloud-credential-rhel9-operator:v4.18.0-202503181802.p0.g7785eb4.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-03-25T00:00:00Z", "advisory" : "RHSA-2025:3068", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "podman-5:5.2.2-6.rhaos4.18.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-03-25T00:00:00Z", "advisory" : "RHSA-2025:3068", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "skopeo-2:1.16.1-1.rhaos4.18.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3775", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-agent-installer-node-agent-rhel9:v4.18.0-202504090803.p0.g3aeceb7.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-05-01T00:00:00Z", "advisory" : "RHSA-2025:4211", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-olm-operator-controller-rhel9:v4.18.0-202504221809.p0.g0f55007.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-05-09T00:00:00Z", "advisory" : "RHSA-2025:4427", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/oc-mirror-plugin-rhel9:v4.18.0-202504290934.p0.g5943543.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-05-09T00:00:00Z", "advisory" : "RHSA-2025:4427", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-olm-catalogd-rhel9:v4.18.0-202504291610.p0.g9f981b3.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:4712", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-operator-framework-tools-rhel9:v4.18.0-202505012034.p0.g3ea075d.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:4712", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-operator-lifecycle-manager-rhel9:v4.18.0-202505012034.p0.g3ea075d.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-05-14T00:00:00Z", "advisory" : "RHSA-2025:4712", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-operator-registry-rhel9:v4.18.0-202505012034.p0.g3ea075d.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.19", "release_date" : "2025-06-17T00:00:00Z", "advisory" : "RHSA-2024:11038", "cpe" : "cpe:/a:redhat:openshift:4.19::el9", "package" : "openshift4/ose-cli-rhel9:v4.19.0-202505210330.p0.g8f1c8b5.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/argocd-extensions-rhel8:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/argocd-rhel8:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/argocd-rhel9:v1.15.2-1" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/argo-rollouts-rhel8:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/console-plugin-rhel8:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/dex-rhel8:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/gitops-operator-bundle:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/gitops-rhel8:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.15.2-4" }, { "product_name" : "Red Hat OpenShift GitOps 1.15", "release_date" : "2025-05-15T00:00:00Z", "advisory" : "RHSA-2025:7753", "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8", "package" : "openshift-gitops-1/must-gather-rhel8:v1.15.2-4" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/mcg-rhel9-operator:v4.17.7-2" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/ocs-metrics-exporter-rhel9:v4.17.7-1" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/ocs-rhel9-operator:v4.17.7-1" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/odf-cli-rhel9:v4.17.7-2" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/odf-multicluster-rhel9-operator:v4.17.7-1" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/rook-ceph-rhel9-operator:v4.17.7-2" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/mcg-rhel9-operator:v4.18.2-5" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/ocs-metrics-exporter-rhel9:v4.18.2-8" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/ocs-rhel9-operator:v4.18.2-6" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/odf-cli-rhel9:v4.18.2-5" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/odf-multicluster-rhel9-operator:v4.18.2-6" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/rook-ceph-rhel9-operator:v4.18.2-9" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/cluster-logging-operator-bundle:v5.9.13-22" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/cluster-logging-rhel9-operator:v5.9.13-9" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/eventrouter-rhel9:v0.4.0-363" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/fluentd-rhel9:v5.9.13-5" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-346" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/logging-loki-rhel9:v3.3.2-36" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/logging-view-plugin-rhel9:v5.9.13-7" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/loki-operator-bundle:v5.9.13-20" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/loki-rhel9-operator:v5.9.13-9" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/lokistack-gateway-rhel9:v0.1.0-767" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/opa-openshift-rhel9:v0.1.0-383" }, { "product_name" : "RHOL-5.9-RHEL-9", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3906", "cpe" : "cpe:/a:redhat:logging:5.9::el9", "package" : "openshift-logging/vector-rhel9:v0.34.1-37" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/cluster-logging-operator-bundle:v6.0.6-8" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/cluster-logging-rhel9-operator:v6.0.6-4" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/eventrouter-rhel9:v0.4.0-357" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-338" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/logging-loki-rhel9:v3.4.2-7" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/loki-operator-bundle:v6.0.6-10" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/loki-rhel9-operator:v6.0.6-6" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/lokistack-gateway-rhel9:v0.1.0-753" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/opa-openshift-rhel9:v0.1.0-370" }, { "product_name" : "RHOL-6.0-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3132", "cpe" : "cpe:/a:redhat:logging:6.0::el9", "package" : "openshift-logging/vector-rhel9:v0.37.1-35" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/cluster-logging-operator-bundle:v6.1.4-10" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/cluster-logging-rhel9-operator:v6.1.4-5" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/eventrouter-rhel9:v0.4.0-356" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-337" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/logging-loki-rhel9:v3.4.2-6" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/loki-operator-bundle:v6.1.4-13" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/loki-rhel9-operator:v6.1.4-7" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/lokistack-gateway-rhel9:v0.1.0-752" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/opa-openshift-rhel9:v0.1.0-369" }, { "product_name" : "RHOL-6.1-RHEL-9", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3131", "cpe" : "cpe:/a:redhat:logging:6.1::el9", "package" : "openshift-logging/vector-rhel9:v0.37.1-34" }, { "product_name" : "cert-manager operator for Red Hat OpenShift 1.15", "release_date" : "2025-11-25T00:00:00Z", "advisory" : "RHSA-2025:22014", "cpe" : "cpe:/a:redhat:cert_manager:1.15::el9", "package" : "cert-manager/jetstack-cert-manager-acmesolver-rhel9:sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e" }, { "product_name" : "cert-manager operator for Red Hat OpenShift 1.15", "release_date" : "2025-11-25T00:00:00Z", "advisory" : "RHSA-2025:22014", "cpe" : "cpe:/a:redhat:cert_manager:1.15::el9", "package" : "cert-manager/jetstack-cert-manager-rhel9:sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift 2.15", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3501", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.15::el9", "package" : "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9:sha256:a5b5570c4c0c54d6d8833ea5985e849f0cf79913c6c049378767e11ef7eb6303" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12", "release_date" : "2025-12-03T00:00:00Z", "advisory" : "RHSA-2025:22684", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "rhacm2/acm-must-gather-rhel9:sha256:549655096c9c77159b8e0d37fd17bcd88cc8852e0ee85a5bba54cfad486b6e81" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.13", "release_date" : "2026-01-14T00:00:00Z", "advisory" : "RHSA-2026:0627", "cpe" : "cpe:/a:redhat:acm:2.13::el9", "package" : "rhacm2/acm-must-gather-rhel9:sha256:76d8f8546ff38e0d110d56dffa0a1e62cc9690f5696454586fe3e179db1dd8c3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-04-09T00:00:00Z", "advisory" : "RHSA-2025:3743", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/opentelemetry-collector-rhel8:sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-06-17T00:00:00Z", "advisory" : "RHSA-2025:9167", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/opentelemetry-rhel8-operator:sha256:0230ba6094579249356713d21de1f454b7c23a16426661328b978869db9c2e53" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3718", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-cli-tkn-rhel8:sha256:0b83b8f1ca2060c8ff2fa92b84c93b278b21300904e268b62cbb37c4591872b8" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.1", "release_date" : "2025-04-10T00:00:00Z", "advisory" : "RHSA-2025:3820", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.1::el9", "package" : "rhtas/cosign-rhel9:sha256:2a2aa8c1a224419be83afe46b0226e168927c19c8bd3f9c4e562e5e5caebb6a9" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.1", "release_date" : "2025-04-10T00:00:00Z", "advisory" : "RHSA-2025:3820", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.1::el9", "package" : "rhtas/gitsign-rhel9:sha256:bef55c43000f266cdb7cf6ea525f7c52f2ee532b7b487ae9752aac31ebded40f" } ], "package_state" : [ { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "cert-manager-operator-rhel9", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Not affected", "package_name" : "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Not affected", "package_name" : "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/assisted-installer-agent-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/assisted-installer-controller-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/assisted-installer-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/assisted-service-8-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/assisted-service-9-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/hypershift-cli-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/hypershift-rhel9-operator", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-istio-cni-container", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-istio-must-gather-container", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-istio-pilot-container", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-istio-proxyv2-container", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "authorino-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Connectivity Link 1", "fix_state" : "Affected", "package_name" : "authorino-container", "cpe" : "cpe:/a:redhat:connectivity_link:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "bootc-image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-cli-artifacts", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-deployer-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-hypershift-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-tools-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "opentelemetry-target-allocator-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-builder-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "createctconfig-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "ctlog-managectroots-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "fulcio-createcerts-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "trillian-createdb-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "tuf-server-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-27144\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27144\nhttps://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22\nhttps://github.com/go-jose/go-jose/releases/tag/v4.0.5\nhttps://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78" ], "name" : "CVE-2025-27144", "mitigation" : { "value" : "As a workaround, applications can pre-validate that payloads being passed to Go JOSE do not contain an excessive number of `.` characters.", "lang" : "en:us" }, "csaw" : false }