{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-9283", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T10:26:15.873Z", "dateReserved": "2020-02-19T00:00:00", "datePublished": "2020-02-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00"}, "descriptions": [{"lang": "en", "value": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://groups.google.com/forum/#%21topic/golang-announce/3L45YRc91SY"}, {"url": "http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2402-1] golang-go.crypto security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"}, {"name": "[debian-lts-announce] 20201116 [SECURITY] [DLA 2453-1] restic security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"}, {"name": "[debian-lts-announce] 20201118 [SECURITY] [DLA 2455-1] packer security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"}, {"name": "[debian-lts-announce] 20230616 [SECURITY] [DLA 3455-1] golang-go.crypto security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:15.873Z"}, "title": "CVE Program Container", "references": [{"url": "https://groups.google.com/forum/#%21topic/golang-announce/3L45YRc91SY", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2402-1] golang-go.crypto security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"}, {"name": "[debian-lts-announce] 20201116 [SECURITY] [DLA 2453-1] restic security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"}, {"name": "[debian-lts-announce] 20201118 [SECURITY] [DLA 2455-1] packer security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"}, {"name": "[debian-lts-announce] 20230616 [SECURITY] [DLA 3455-1] golang-go.crypto security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:package_ssh:0.0.0-20200220183623-bac4c82f6975:*:*:*:*:*:*:*", "matchCriteriaId": "D9D8FAB7-0538-45D7-8471-B4AC9467B4B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client."}, {"lang": "es", "value": "golang.org/x/crypto versiones anteriores a v0.0.0-20200220183623-bac4c82f6975, para Go permite un p\u00e1nico durante la comprobaci\u00f3n de firma en el paquete golang.org/x/crypto/ssh. Un cliente puede atacar un servidor SSH que acepte claves p\u00fablicas. Adem\u00e1s, un servidor puede atacar a cualquier cliente SSH."}], "id": "CVE-2020-9283", "lastModified": "2023-11-07T03:26:50.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-20T20:15:10.437", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21topic/golang-announce/3L45YRc91SY"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "impact": "low", "package": "3scale-amp2/3scale-rhel7-operator:1.13.0-17", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "impact": "low", "package": "3scale-amp2/3scale-rhel7-operator-metadata:2.10.0-38", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "impact": "low", "package": "3scale-amp2/apicast-rhel7-operator:1.13.0-4", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2021:1129", "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7", "impact": "low", "package": "3scale-amp2/apicast-rhel7-operator-metadata:2.10.0-9", "product_name": "3scale API Management 2.10 on RHEL 7", "release_date": "2021-04-08T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-agent-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-all-in-one-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-collector-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-es-index-cleaner-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-es-rollover-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-ingester-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-query-rhel7:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3370", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "low", "package": "distributed-tracing/jaeger-rhel7-operator:1.17.6-1", "product_name": "Jaeger-1.17", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3372", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "impact": "low", "package": "openshift-service-mesh/3scale-istio-adapter-rhel8:1.0.0-8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el7", "impact": "low", "package": "kiali-0:v1.12.10.redhat2-1.el7", "product_name": "Openshift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "impact": "low", "package": "ior-0:1.1.6-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "impact": "low", "package": "servicemesh-0:1.1.6-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "impact": "low", "package": "servicemesh-cni-0:1.1.6-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "impact": "low", "package": "servicemesh-grafana-0:6.4.3-13.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "impact": "low", "package": "servicemesh-operator-0:1.1.6-2.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3369", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "impact": "low", "package": "servicemesh-prometheus-0:2.14.0-14.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "atomic-openshift-cluster-autoscaler-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "baremetal-machine-controller-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "cluster-monitoring-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "cluster-network-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "cluster-node-tuning-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "cluster-version-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "configmap-reload-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "coredns-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "golang-github-openshift-oauth-proxy-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "golang-github-prometheus-alertmanager-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "golang-github-prometheus-node_exporter-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "golang-github-prometheus-prometheus-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "grafana-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ironic-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ironic-hardware-inventory-recorder-image-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ironic-inspector-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ironic-ipa-downloader-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ironic-rhcos-downloader-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ironic-static-ip-manager-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "jenkins-agent-maven-35-rhel7-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "kube-proxy-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "kube-rbac-proxy-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "kube-state-metrics-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "kuryr-cni-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "kuryr-controller-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "local-storage-static-provisioner-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "marketplace-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "multus-cni-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-builder-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-cli-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-console-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-console-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-deployer-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-haproxy-router-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-hyperkube-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-keepalived-ipfailover-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-pod-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-registry-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-enterprise-tests-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-jenkins-2-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "operator-lifecycle-manager-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "operator-registry-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-aws-machine-controllers-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-azure-machine-controllers-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cli-artifacts-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cloud-credential-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-authentication-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-autoscaler-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-bootstrap-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-config-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-dns-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-image-registry-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-ingress-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-kube-apiserver-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-kube-controller-manager-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-kube-scheduler-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-machine-approver-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-openshift-apiserver-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-openshift-controller-manager-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-samples-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-storage-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-cluster-update-keys-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-etcd-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-installer-artifacts-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-installer-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-libvirt-machine-controllers-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-machine-api-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-machine-config-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-multus-admission-controller-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-must-gather-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-openshift-apiserver-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-openshift-controller-manager-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-openstack-machine-controllers-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-ovn-kubernetes-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-prometheus-adapter-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "ose-service-ca-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "prometheus-config-reloader-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "prometheus-operator-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "prom-label-proxy-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4264", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "telemeter-container", "product_name": "Red Hat OpenShift Container Platform 4", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHBA-2020:3179", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "impact": "low", "package": "openshift-clients-0:4.3.31-202007250052.p0.git.3329.59998b9.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-08-05T00:00:00Z"}, {"advisory": "RHBA-2020:3180", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "impact": "low", "package": "openshift4/ose-azure-machine-controllers:v4.3.31-202007272153.p0", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-08-05T00:00:00Z"}, {"advisory": "RHSA-2020:3809", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "impact": "low", "package": "openshift4/ose-sriov-dp-admission-controller:v4.3.37-202009151447.p0", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-09-23T00:00:00Z"}, {"advisory": "RHSA-2020:2789", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "impact": "low", "package": "openshift4/ose-baremetal-rhel7-operator:v4.4.0-202006290400.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-07-06T00:00:00Z"}, {"advisory": "RHSA-2020:2790", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "impact": "low", "package": "openshift4/ose-azure-machine-controllers:v4.4.0-202006290400.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-07-06T00:00:00Z"}, {"advisory": "RHSA-2020:2793", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "impact": "low", "package": "openshift4/ose-descheduler:v4.4.0-202006290400.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-07-06T00:00:00Z"}, {"advisory": "RHSA-2020:2878", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "impact": "low", "package": "openshift4/ose-cloud-credential-operator:v4.4.0-202007060343.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-07-14T00:00:00Z"}, {"advisory": "RHSA-2020:3078", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "impact": "low", "package": "openshift4/ose-cluster-machine-approver:v4.4.0-202007171809.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2020:2412", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "impact": "low", "package": "openshift4/ose-cluster-logging-operator:v4.5.0-202007012112.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-07-13T00:00:00Z"}, {"advisory": "RHSA-2020:2413", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "impact": "low", "package": "openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-07-13T00:00:00Z"}, {"advisory": "RHSA-2020:3414", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "impact": "low", "package": "openshift4/ose-cluster-kube-descheduler-operator:v4.5.0-202007131801.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-08-12T00:00:00Z"}, {"advisory": "RHSA-2020:3414", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "impact": "low", "package": "openshift4/ose-descheduler:v4.5.0-202007101023.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-08-12T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "impact": "low", "package": "openshift4/ose-elasticsearch-operator:v4.6.0-202010200139.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-cpu-model-nfd-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-cpu-node-labeller-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-kvm-info-nfd-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "vm-import-controller-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}], "bugzilla": {"description": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic", "id": "1804533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-130", "details": ["golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.", "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server."], "name": "CVE-2020-9283", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "jaeger", "product_name": "OpenShift Service Mesh 1"}, {"cpe": "cpe:/a:redhat:service_mesh:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "jaeger-operator", "product_name": "OpenShift Service Mesh 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gomtree", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "low", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "low", "package_name": "atomic-openshift-cluster-autoscaler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "low", "package_name": "atomic-openshift-descheduler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "low", "package_name": "golang-github-openshift-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift-enterprise-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-baremetal-installer-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-baremetal-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-authentication-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-cluster-autoscaler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-bootstrap", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-openshift-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-policy-controller-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-cluster-svcat-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-cluster-svcat-controller-manager-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-console-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-descheduler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-installer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-installer-artifacts", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-kube-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-libvirt-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-local-storage-static-provisioner", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-metering-helm-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-node", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-operator-marketplace", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-ptp", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-service-ca-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-service-catalog", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift-enterprise-service-catalog", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "template-service-broker-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "impact": "low", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "ember-csi-operator", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "kubevirt-cpu-node-labeller", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "kubevirt-metrics-collector", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "kubevirt-web-ui", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "kubevirt-web-ui-operator", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "multus-cni", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "ovs-cni-plugin", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "sriov-network-device-plugin", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "virt-api", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-apiserver", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-cloner", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-controller", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-importer", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-operator", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-uploadproxy", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Out of support scope", "impact": "low", "package_name": "virt-cdi-uploadserver", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "virt-controller", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "virt-handler", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "virt-launcher", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "impact": "low", "package_name": "virt-operator", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "impact": "low", "package_name": "kubernetes-nmstate-handler", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "kubevirt-cpu-node-labeller", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "impact": "low", "package_name": "kubevirt-metrics-collector", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "impact": "low", "package_name": "node-maintenance-operator", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-api", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-apiserver", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-cloner", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-controller", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-importer", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-operator", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-uploadproxy", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-cdi-uploadserver", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-controller", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-handler", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-launcher", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-operator", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "impact": "low", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2020-02-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-9283\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9283\nhttps://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"], "statement": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.", "threat_severity": "Important", "upstream_fix": "golang.org/x/crypto 0.0.0-20200220183623-bac4c82f6975"}