CVE-2021-20329 - Vulnerability Details

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mongodb	Go Driver
Redhat	Container Native Virtualization Openshift Service Mesh

Configuration 1 [-]

cpe:2.3:a:mongodb:go_driver:*:*:*:*:*:mongodb:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.10
openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202303210741.p0.ge6b5664.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:1392	2023-03-29T00:00:00Z
openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202304031241.p0.g3b06768.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:1656	2023-04-12T00:00:00Z
Red Hat OpenShift Container Platform 4.11
openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202303240327.p0.gce6c43b.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:1504	2023-04-04T00:00:00Z
Red Hat OpenShift Container Platform 4.12
openshift4/ose-csi-driver-manila-rhel8-operator:v4.12.0-202303210718.p0.gaf25a1f.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:1409	2023-03-27T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift4/ose-baremetal-machine-controllers:v4.13.0-202305030754.p0.gd20bc57.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-csi-driver-manila-rhel8-operator:v4.13.0-202304190216.p0.ge540ced.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-olm-rukpak-rhel8:v4.13.0-202304190216.p0.g66b3e55.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.13.0-202304280215.p0.gc254e6e.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1328	2023-05-18T00:00:00Z
openshift4/dpu-network-rhel8-operator:v4.13.0-202308221627.p0.g35cbabd.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:4730	2023-08-30T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.13.0-202401092010.p0.g2357f75.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0193	2024-01-17T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift4/ose-baremetal-machine-controllers:v4.14.0-202310201027.p0.g412acb3.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-csi-driver-manila-rhel8-operator:v4.14.0-202310201027.p0.gea34192.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-haproxy-router:v4.14.0-202310201027.p0.g7cbd152.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-installer:v4.14.0-202310201027.p0.g03546e5.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/cloud-event-proxy-rhel8:v4.14.0-202310201027.p0.gc3dc0ec.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/frr-rhel9:v4.14.0-202310201027.p0.g0414ca3.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ingress-node-firewall-operator-bundle:v4.14.0.202310201027.p0.g3784ac1.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ingress-node-firewall-rhel9:v4.14.0-202310201027.p0.g3784ac1.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ingress-node-firewall-rhel9-operator:v4.14.0-202310201027.p0.g3784ac1.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/kubernetes-nmstate-operator-bundle:v4.14.0.202310201027.p0.g5d81544.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/kubernetes-nmstate-rhel9-operator:v4.14.0-202310201027.p0.g5d81544.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/metallb-rhel8:v4.14.0-202310201027.p0.g73f6f31.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/metallb-rhel8-operator:v4.14.0-202310201027.p0.g593c753.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/nmstate-console-plugin-rhel8:v4.14.0-202310201027.p0.g75fe6e5.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.14.0-202310201027.p0.g66925fd.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-aws-efs-csi-driver-operator-bundle:v4.14.0.202310201027.p0.ge7d739f.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.ge7d739f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cloud-event-proxy-rhel8:v4.14.0-202310201027.p0.gc3dc0ec.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cluster-kube-descheduler-operator:v4.14.0-202310201027.p0.gabca215.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cluster-kube-descheduler-operator-bundle:v4.14.0.202310201027.p0.gabca215.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cluster-kube-descheduler-operator-metadata:v4.14.0.202310201027.p0.gabca215.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.14.0-202310201027.p0.gabca215.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cluster-nfd-operator:v4.14.0-202310201027.p0.gf1f745a.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-cluster-nfd-operator-bundle:v4.14.0.202310201027.p0.gf1f745a.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-clusterresourceoverride-operator-bundle:v4.14.0.202310201027.p0.gb1b0669.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-clusterresourceoverride-rhel8:v4.14.0-202310201027.p0.g55d1f53.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-clusterresourceoverride-rhel8-operator:v4.14.0-202310201027.p0.gb1b0669.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-resizer:v4.14.0-202310201027.p0.g59a701a.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-resizer-rhel8:v4.14.0-202310201027.p0.g59a701a.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-snapshotter:v4.14.0-202310201027.p0.g0bf9276.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-snapshotter-rhel8:v4.14.0-202310201027.p0.g0bf9276.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-livenessprobe:v4.14.0-202310201027.p0.ga9bcbde.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-livenessprobe-rhel8:v4.14.0-202310201027.p0.ga9bcbde.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-node-driver-registrar:v4.14.0-202310201027.p0.g9dcaa7f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-node-driver-registrar-rhel8:v4.14.0-202310201027.p0.g9dcaa7f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-descheduler:v4.14.0-202310201027.p0.g0fb0646.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-gcp-filestore-csi-driver-operator-bundle:v4.14.0.202310201027.p0.g413ab3a.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-gcp-filestore-csi-driver-rhel8:v4.14.0-202310201027.p0.ga6af579.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g413ab3a.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-kube-rbac-proxy:v4.14.0-202310201027.p0.g7681039.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel9:v4.14.0-202310201027.p0.g5d81544.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel9-operator:v4.14.0-202310201027.p0.g5d81544.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-local-storage-diskmaker:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-local-storage-mustgather-rhel8:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-local-storage-operator-bundle:v4.14.0.202310201027.p0.gc41b6ba.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-metallb-operator-bundle:v4.14.0.202310201027.p0.g593c753.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-node-feature-discovery:v4.14.0-202310201027.p0.g060e629.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-ptp-operator:v4.14.0-202310201027.p0.gb9339b2.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-ptp-operator-bundle:v4.14.0.202310201027.p0.gb9339b2.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-ptp-operator-metadata:v4.14.0.202310201027.p0.gb9339b2.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-ptp-rhel9:v4.14.0-202310201027.p0.g80d08c5.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-secrets-store-csi-driver-operator-bundle:v4.14.0.202310201027.p0.g1e01fc0.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-secrets-store-csi-driver-rhel8:v4.14.0-202310201027.p0.g4b5bd4b.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-secrets-store-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g1e01fc0.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-dp-admission-controller:v4.14.0-202310201027.p0.g82a744e.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-infiniband-cni:v4.14.0-202310201027.p0.geba0d95.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-config-daemon:v4.14.0-202310201027.p0.g749b4a3.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-device-plugin:v4.14.0-202310201027.p0.g518f258.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-operator:v4.14.0-202310201027.p0.g749b4a3.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-operator-bundle:v4.14.0.202310201027.p0.g749b4a3.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-webhook:v4.14.0-202310201027.p0.g749b4a3.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-vertical-pod-autoscaler-operator-bundle:v4.14.0.202310201027.p0.geae798e.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-vertical-pod-autoscaler-operator-metadata:v4.14.0.202310201027.p0.geae798e.assembly.stream-1	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-vertical-pod-autoscaler-rhel8:v4.14.0-202310201027.p0.g0822c7b.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.14.0-202310201027.p0.geae798e.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/sriov-cni-rhel9:v4.14.0-202310201027.p0.gf73cb4b.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift-tech-preview/metallb-rhel8:v4.14.0-202310201027.p0.g73f6f31.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
Red Hat OpenShift Container Platform 4.9
openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202303281553.p0.g062018e.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2023:1525	2023-04-05T00:00:00Z
Red Hat OpenShift Service Mesh 2.2 for RHEL 8
openshift-service-mesh/prometheus-rhel8:2.2.7-7	cpe:/a:redhat:service_mesh:2.2::el8	RHSA-2023:3645	2023-06-15T00:00:00Z
RHEL-9-CNV-4.14
container-native-virtualization/virt-api-rhel9:v4.14.0-395	cpe:/a:redhat:container_native_virtualization:4.14::el9	RHSA-2023:6817	2023-11-08T00:00:00Z

References

Link	Providers
https://github.com/advisories/GHSA-f6mq-5m25-4r72
https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1
https://nvd.nist.gov/vuln/detail/CVE-2021-20329
https://www.cve.org/CVERecord?id=CVE-2021-20329

History

Mon, 16 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
Description	Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.	Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.

MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2021-06-10T16:30:11.055753Z

Updated: 2024-09-16T22:55:51.498Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20329

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-10T17:15:08.047

Modified: 2024-11-21T05:46:23.420

Link: CVE-2021-20329

Redhat

Severity : Moderate

Publid Date: 2021-03-30T00:00:00Z

Links: CVE-2021-20329 - Bugzilla

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MongoDB Go Driver", "vendor": "MongoDB Inc.", "versions": [{"lessThanOrEqual": "1.5.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Ferrando Seage"}], "datePublic": "2021-06-09T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.</p>"}], "value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-01-23T16:03:19.528Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"}], "source": {"discovery": "EXTERNAL"}, "title": "Specific cstrings input may not be properly validated in the Go Driver", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@mongodb.com", "DATE_PUBLIC": "2021-06-10T14:00:00.000Z", "ID": "CVE-2021-20329", "STATE": "PUBLIC", "TITLE": "Specific cstrings input may not be properly validated in the Go Driver"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MongoDB Go Driver", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0", "version_value": "1.5.0"}]}}]}, "vendor_name": "MongoDB Inc."}]}}, "credit": [{"lang": "eng", "value": "Hugo Ferrando Seage"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1287: Improper Validation of Specified Type of Input"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1", "refsource": "CONFIRM", "url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.756Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"}]}]}, "cveMetadata": {"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "assignerShortName": "mongodb", "cveId": "CVE-2021-20329", "datePublished": "2021-06-10T16:30:11.055753Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:55:51.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:go_driver:*:*:*:*:*:mongodb:*:*", "matchCriteriaId": "95312D9A-F73D-4AF8-9735-2AF0A856A157", "versionEndIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0."}, {"lang": "es", "value": "Es posible que la entrada de cadenas de caracteres espec\u00edficas no se validen apropiadamente en el controlador MongoDB Go al marshallar objetos Go en BSON. Un usuario malicioso podr\u00eda usar un objeto Go con una cadena espec\u00edfica para inyectar potencialmente campos adicionales en los documentos ordenados. Este problema afecta a todos los controladores GO de MongoDB hasta (e incluyendo) la versi\u00f3n 1.5.0"}], "id": "CVE-2021-20329", "lastModified": "2024-11-21T05:46:23.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "cna@mongodb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T17:15:08.047", "references": [{"source": "cna@mongodb.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "cna@mongodb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1392", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202303210741.p0.ge6b5664.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1656", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202304031241.p0.g3b06768.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2023:1504", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202303240327.p0.gce6c43b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1409", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.12.0-202303210718.p0.gaf25a1f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-03-27T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-machine-controllers:v4.13.0-202305030754.p0.gd20bc57.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.13.0-202304190216.p0.ge540ced.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.13.0-202304190216.p0.g66b3e55.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1328", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.13.0-202304280215.p0.gc254e6e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-18T00:00:00Z"}, {"advisory": "RHSA-2023:4730", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/dpu-network-rhel8-operator:v4.13.0-202308221627.p0.g35cbabd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-08-30T00:00:00Z"}, {"advisory": "RHSA-2024:0193", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202401092010.p0.g2357f75.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-01-17T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-baremetal-machine-controllers:v4.14.0-202310201027.p0.g412acb3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.14.0-202310201027.p0.gea34192.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-haproxy-router:v4.14.0-202310201027.p0.g7cbd152.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-installer:v4.14.0-202310201027.p0.g03546e5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/cloud-event-proxy-rhel8:v4.14.0-202310201027.p0.gc3dc0ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/frr-rhel9:v4.14.0-202310201027.p0.g0414ca3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ingress-node-firewall-operator-bundle:v4.14.0.202310201027.p0.g3784ac1.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ingress-node-firewall-rhel9:v4.14.0-202310201027.p0.g3784ac1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ingress-node-firewall-rhel9-operator:v4.14.0-202310201027.p0.g3784ac1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/kubernetes-nmstate-operator-bundle:v4.14.0.202310201027.p0.g5d81544.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/kubernetes-nmstate-rhel9-operator:v4.14.0-202310201027.p0.g5d81544.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/metallb-rhel8:v4.14.0-202310201027.p0.g73f6f31.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/metallb-rhel8-operator:v4.14.0-202310201027.p0.g593c753.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/nmstate-console-plugin-rhel8:v4.14.0-202310201027.p0.g75fe6e5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.14.0-202310201027.p0.g66925fd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-efs-csi-driver-operator-bundle:v4.14.0.202310201027.p0.ge7d739f.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.ge7d739f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cloud-event-proxy-rhel8:v4.14.0-202310201027.p0.gc3dc0ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-kube-descheduler-operator:v4.14.0-202310201027.p0.gabca215.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-kube-descheduler-operator-bundle:v4.14.0.202310201027.p0.gabca215.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-kube-descheduler-operator-metadata:v4.14.0.202310201027.p0.gabca215.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.14.0-202310201027.p0.gabca215.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-nfd-operator:v4.14.0-202310201027.p0.gf1f745a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-nfd-operator-bundle:v4.14.0.202310201027.p0.gf1f745a.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-operator-bundle:v4.14.0.202310201027.p0.gb1b0669.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-rhel8:v4.14.0-202310201027.p0.g55d1f53.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.14.0-202310201027.p0.gb1b0669.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-resizer:v4.14.0-202310201027.p0.g59a701a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-resizer-rhel8:v4.14.0-202310201027.p0.g59a701a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-snapshotter:v4.14.0-202310201027.p0.g0bf9276.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-snapshotter-rhel8:v4.14.0-202310201027.p0.g0bf9276.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-livenessprobe:v4.14.0-202310201027.p0.ga9bcbde.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-livenessprobe-rhel8:v4.14.0-202310201027.p0.ga9bcbde.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-node-driver-registrar:v4.14.0-202310201027.p0.g9dcaa7f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.14.0-202310201027.p0.g9dcaa7f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-descheduler:v4.14.0-202310201027.p0.g0fb0646.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-gcp-filestore-csi-driver-operator-bundle:v4.14.0.202310201027.p0.g413ab3a.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-gcp-filestore-csi-driver-rhel8:v4.14.0-202310201027.p0.ga6af579.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g413ab3a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-kube-rbac-proxy:v4.14.0-202310201027.p0.g7681039.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel9:v4.14.0-202310201027.p0.g5d81544.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel9-operator:v4.14.0-202310201027.p0.g5d81544.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-local-storage-diskmaker:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-local-storage-mustgather-rhel8:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-local-storage-operator-bundle:v4.14.0.202310201027.p0.gc41b6ba.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-metallb-operator-bundle:v4.14.0.202310201027.p0.g593c753.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-node-feature-discovery:v4.14.0-202310201027.p0.g060e629.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ptp-operator:v4.14.0-202310201027.p0.gb9339b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ptp-operator-bundle:v4.14.0.202310201027.p0.gb9339b2.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ptp-operator-metadata:v4.14.0.202310201027.p0.gb9339b2.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ptp-rhel9:v4.14.0-202310201027.p0.g80d08c5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-secrets-store-csi-driver-operator-bundle:v4.14.0.202310201027.p0.g1e01fc0.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-secrets-store-csi-driver-rhel8:v4.14.0-202310201027.p0.g4b5bd4b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-secrets-store-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g1e01fc0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-dp-admission-controller:v4.14.0-202310201027.p0.g82a744e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-infiniband-cni:v4.14.0-202310201027.p0.geba0d95.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-config-daemon:v4.14.0-202310201027.p0.g749b4a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-device-plugin:v4.14.0-202310201027.p0.g518f258.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-operator:v4.14.0-202310201027.p0.g749b4a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-operator-bundle:v4.14.0.202310201027.p0.g749b4a3.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-webhook:v4.14.0-202310201027.p0.g749b4a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vertical-pod-autoscaler-operator-bundle:v4.14.0.202310201027.p0.geae798e.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vertical-pod-autoscaler-operator-metadata:v4.14.0.202310201027.p0.geae798e.assembly.stream-1", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.14.0-202310201027.p0.g0822c7b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.14.0-202310201027.p0.geae798e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/sriov-cni-rhel9:v4.14.0-202310201027.p0.gf73cb4b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-tech-preview/metallb-rhel8:v4.14.0-202310201027.p0.g73f6f31.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:1525", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202303281553.p0.g062018e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2023-04-05T00:00:00Z"}, {"advisory": "RHSA-2023:3645", "cpe": "cpe:/a:redhat:service_mesh:2.2::el8", "package": "openshift-service-mesh/prometheus-rhel8:2.2.7-7", "product_name": "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date": "2023-06-15T00:00:00Z"}, {"advisory": "RHSA-2023:6817", "cpe": "cpe:/a:redhat:container_native_virtualization:4.14::el9", "package": "container-native-virtualization/virt-api-rhel9:v4.14.0-395", "product_name": "RHEL-9-CNV-4.14", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "mongo-go-driver: specific cstrings input may not be properly validated", "id": "1971033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971033"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.", "A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents."], "name": "CVE-2021-20329", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cost_management:1", "fix_state": "Not affected", "package_name": "costmanagement/costmanagement-metrics-rhel8-operator", "product_name": "Cost Management Metrics Operator"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/cluster-logging-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/lokistack-gateway-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/opa-openshift-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Not affected", "package_name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-controller-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-kubevirt-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-rhel8-operator", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-aws-rhel9", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-csi-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "jenkins-operator-container", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "ocp-tools-4/service-binding-rhel8-operator", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Not affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/ingress-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/istio-rhel8-operator", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-apicast-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "acm-multicluster-globalhub-agent-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "multicloud-operators-foundation", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "multicloud-operators-placementrule", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-governance-policy-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-governance-policy-framework-addon-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-prometheus-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-volsync-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-spec-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-status-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/insights-client-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/insights-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/klusterlet-addon-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/kube-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/lighthouse-agent-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicloud-manager-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multiclusterhub-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-application-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-subscription-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/observatorium-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/observatorium-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/prometheus-alertmanager-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/prometheus-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/rbac-query-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-aggregator-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-collector-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/thanos-receive-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/thanos-rhel7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "search-aggregator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "search-collector", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/kubevirt-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-agent-installer-csr-approver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-agent-installer-node-agent-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-alibaba-cloud-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-aws-cluster-api-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-ebs-csi-driver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-disk-csi-driver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-file-csi-driver-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-file-csi-driver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-azure-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-baremetal-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cloud-credential-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-authentication-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-autoscaler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-baremetal-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-bootstrap", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-capi-operator-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-capi-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-dns-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-etcd-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-image-registry-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-ingress-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-controller-manager-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-scheduler-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-machine-approver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-monitoring-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-node-tuning-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-openshift-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-openshift-controller-manager-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-policy-controller-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-samples-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-storage-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-version-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-contour-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-coredns-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-manila-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-shared-resource-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-snapshot-controller", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-snapshot-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-docker-builder", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-docker-registry", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-gcp-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-pd-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-helm-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-hypershift-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibm-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibmcloud-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-insights-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-kube-storage-version-migrator-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-libvirt-machine-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-local-storage-static-provisioner", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-openstack-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-machine-api-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-machine-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-metering-ansible-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-metering-helm-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-cni", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-networkpolicy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-apiserver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openshift-apiserver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openshift-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openstack-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-marketplace", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-registry-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-operator-sdk-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ovirt-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-pod", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-powervs-block-csi-driver-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-powervs-block-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-powervs-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-powervs-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prometheus", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prometheus-alertmanager", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prometheus-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prom-label-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-sdn-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-service-ca-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-telemeter", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-thanos-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-tools-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vmware-vsphere-csi-driver-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vsphere-csi-driver-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vsphere-problem-detector-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ovirt-csi-driver-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/special-resource-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4-wincw/windows-machine-config-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-security-profiles-operator-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "ose-haproxy-router-base-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "redhat/redhat-operator-index", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Out of support scope", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Not affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/volume-replication-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-model-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-modelmesh-serving-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-operator-base-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/applicationset-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/kam-delivery-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/virt-api", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-bridge-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-openshift-bridge-rhel8-operator", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-operator-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2021-03-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20329\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20329\nhttps://github.com/advisories/GHSA-f6mq-5m25-4r72\nhttps://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object