CVE-2021-4238 - Vulnerability Details

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Goutils Project	Goutils
Redhat	Openshift Openshift Data Foundation Openshift Gitops Service Mesh

Configuration 1 [-]

cpe:2.3:a:goutils_project:goutils:*:*:*:*:*:go:*:*

Package	CPE	Advisory	Released Date
OpenShift Service Mesh 2.1
servicemesh-0:2.1.6-1.el8	cpe:/a:redhat:service_mesh:2.1::el8	RHSA-2023:0540	2023-01-30T00:00:00Z
servicemesh-operator-0:2.1.6-1.el8	cpe:/a:redhat:service_mesh:2.1::el8	RHSA-2023:0540	2023-01-30T00:00:00Z
Red Hat OpenShift Container Platform 4.10
openshift4/ose-cluster-network-operator:v4.10.0-202301310115.p0.gdc0a59a.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:0561	2023-02-08T00:00:00Z
openshift4/ose-installer:v4.10.0-202302161028.p0.g8862860.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:0899	2023-03-01T00:00:00Z
openshift4/ose-machine-config-operator:v4.10.0-202303032215.p0.ga21b2b8.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:1154	2023-03-16T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202303162241.p0.g68b1665.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:1393	2023-03-29T00:00:00Z
Red Hat OpenShift Container Platform 4.11
openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202301191245.p0.g4ffdd2f.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0565	2023-02-07T00:00:00Z
openshift4/ose-image-customization-controller-rhel8:v4.11.0-202301252336.p0.ge0e3979.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0565	2023-02-07T00:00:00Z
openshift4/ose-machine-config-operator:v4.11.0-202302071115.p0.gc101063.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0651	2023-02-15T00:00:00Z
openshift4/ose-installer:v4.11.0-202302130454.p0.g59d1196.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0774	2023-02-21T00:00:00Z
openshift4/dpu-network-rhel8-operator:v4.11.0-202302282354.p0.g7183b08.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:1159	2023-03-14T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.11.0-202303151654.p0.g4695e71.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:1297	2023-03-22T00:00:00Z
Red Hat OpenShift Container Platform 4.12
openshift4/ose-image-customization-controller-rhel8:v4.12.0-202301171655.p0.g27777d0.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0449	2023-01-30T00:00:00Z
openshift4/ose-machine-config-operator:v4.12.0-202301262025.p0.ge3dc943.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0569	2023-02-07T00:00:00Z
openshift4/ose-installer:v4.12.0-202302080355.p0.gb8d2457.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0728	2023-02-16T00:00:00Z
openshift4/dpu-network-rhel8-operator:v4.12.0-202302111028.p0.gb6124a7.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0770	2023-02-20T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.12.0-202303081941.p0.gc56075a.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:1270	2023-03-21T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift4/ose-image-customization-controller-rhel8:v4.13.0-202304260928.p0.g8765166.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-machine-config-operator:v4.13.0-202304251516.p0.g70aa0a5.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
Red Hat OpenShift Container Platform 4.9
openshift4/ose-cluster-network-operator:v4.9.0-202301301454.p0.gbb98961.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2023:0574	2023-02-13T00:00:00Z
Red Hat OpenShift GitOps 1.5
openshift-gitops-1/applicationset-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/argocd-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
Red Hat OpenShift GitOps 1.6
openshift-gitops-1/argocd-rhel8:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
Red Hat OpenShift GitOps 1.7
openshift-gitops-1/argocd-rhel8:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
Red Hat OpenShift Service Mesh 2.3 for RHEL 8
openshift-service-mesh/istio-rhel8-operator:2.3.1-10	cpe:/a:redhat:service_mesh:2.3::el8	RHSA-2023:0542	2023-01-30T00:00:00Z
RHODF-4.12-RHEL-8
odf4/mcg-rhel8-operator:v4.12.1-4	cpe:/a:redhat:openshift_data_foundation:4.12::el8	RHSA-2023:1170	2023-03-08T00:00:00Z
RHODF-4.13-RHEL-9
odf4/mcg-rhel9-operator:v4.13.0-41	cpe:/a:redhat:openshift_data_foundation:4.13::el9	RHSA-2023:3742	2023-06-21T00:00:00Z

References

Link	Providers
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
https://github.com/advisories/GHSA-3839-6r69-m497
https://nvd.nist.gov/vuln/detail/CVE-2021-4238
https://pkg.go.dev/vuln/GO-2022-0411
https://www.cve.org/CVERecord?id=CVE-2021-4238

History

Fri, 11 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-12-27T21:13:50.373Z

Updated: 2025-04-11T16:17:46.299Z

Reserved: 2022-07-29T19:56:49.058Z

Link: CVE-2021-4238

Vulnrichment

Updated: 2024-08-03T17:23:10.165Z

NVD

Status : Modified

Published: 2022-12-27T22:15:12.073

Modified: 2025-04-11T17:15:35.883

Link: CVE-2021-4238

Redhat

Severity : Important

Publid Date: 2022-12-27T00:00:00Z

Links: CVE-2021-4238 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-4238", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2022-07-29T19:56:49.058Z", "datePublished": "2022-12-27T21:13:50.373Z", "dateUpdated": "2025-04-11T16:17:46.299Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:04:16.468Z"}, "title": "Insufficient randomness in github.com/Masterminds/goutils", "descriptions": [{"lang": "en", "value": "Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions."}], "affected": [{"vendor": "github.com/Masterminds/goutils", "product": "github.com/Masterminds/goutils", "collectionURL": "https://pkg.go.dev", "packageName": "github.com/Masterminds/goutils", "versions": [{"version": "0", "lessThan": "1.1.1", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "RandomAlphaNumeric"}, {"name": "CryptoRandomAlphaNumeric"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 330: Use of Insufficiently Random Values"}]}], "references": [{"url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"}, {"url": "https://pkg.go.dev/vuln/GO-2022-0411"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.165Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2022-0411", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T16:17:07.316383Z", "id": "CVE-2021-4238", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:17:46.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2022-0411", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.165Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-4238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-11T16:17:07.316383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:17:38.948Z"}}], "cna": {"title": "Insufficient randomness in github.com/Masterminds/goutils", "affected": [{"vendor": "github.com/Masterminds/goutils", "product": "github.com/Masterminds/goutils", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1", "versionType": "semver"}], "packageName": "github.com/Masterminds/goutils", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "RandomAlphaNumeric"}, {"name": "CryptoRandomAlphaNumeric"}]}], "references": [{"url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"}, {"url": "https://pkg.go.dev/vuln/GO-2022-0411"}], "descriptions": [{"lang": "en", "value": "Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 330: Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:04:16.468Z"}}}, "cveMetadata": {"cveId": "CVE-2021-4238", "state": "PUBLISHED", "dateUpdated": "2025-04-11T16:17:46.299Z", "dateReserved": "2022-07-29T19:56:49.058Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2022-12-27T21:13:50.373Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:goutils_project:goutils:*:*:*:*:*:go:*:*", "matchCriteriaId": "92BD6F91-B4BD-48C8-9897-E8A09CDAFCFF", "versionEndExcluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions."}, {"lang": "es", "value": "Las cadenas alfanum\u00e9ricas generadas aleatoriamente contienen significativamente menos entrop\u00eda de la esperada. Las funciones RandomAlphaNumeric y CryptoRandomAlphaNumeric siempre devuelven cadenas que contienen al menos un d\u00edgito del 0 al 9. Esto reduce significativamente la cantidad de entrop\u00eda en cadenas cortas generadas por estas funciones."}], "id": "CVE-2021-4238", "lastModified": "2025-04-11T17:15:35.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-27T22:15:12.073", "references": [{"source": "security@golang.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"}, {"source": "security@golang.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://pkg.go.dev/vuln/GO-2022-0411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://pkg.go.dev/vuln/GO-2022-0411"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0540", "cpe": "cpe:/a:redhat:service_mesh:2.1::el8", "package": "servicemesh-0:2.1.6-1.el8", "product_name": "OpenShift Service Mesh 2.1", "release_date": "2023-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:0540", "cpe": "cpe:/a:redhat:service_mesh:2.1::el8", "package": "servicemesh-operator-0:2.1.6-1.el8", "product_name": "OpenShift Service Mesh 2.1", "release_date": "2023-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:0561", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-cluster-network-operator:v4.10.0-202301310115.p0.gdc0a59a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-02-08T00:00:00Z"}, {"advisory": "RHSA-2023:0899", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-installer:v4.10.0-202302161028.p0.g8862860.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1154", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-machine-config-operator:v4.10.0-202303032215.p0.ga21b2b8.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-03-16T00:00:00Z"}, {"advisory": "RHSA-2023:1393", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202303162241.p0.g68b1665.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:0565", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202301191245.p0.g4ffdd2f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-07T00:00:00Z"}, {"advisory": "RHSA-2023:0565", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202301252336.p0.ge0e3979.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-07T00:00:00Z"}, {"advisory": "RHSA-2023:0651", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-machine-config-operator:v4.11.0-202302071115.p0.gc101063.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0774", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-installer:v4.11.0-202302130454.p0.g59d1196.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:1159", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/dpu-network-rhel8-operator:v4.11.0-202302282354.p0.g7183b08.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:1297", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.11.0-202303151654.p0.g4695e71.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-03-22T00:00:00Z"}, {"advisory": "RHSA-2023:0449", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-image-customization-controller-rhel8:v4.12.0-202301171655.p0.g27777d0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:0569", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-machine-config-operator:v4.12.0-202301262025.p0.ge3dc943.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-02-07T00:00:00Z"}, {"advisory": "RHSA-2023:0728", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-installer:v4.12.0-202302080355.p0.gb8d2457.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-02-16T00:00:00Z"}, {"advisory": "RHSA-2023:0770", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/dpu-network-rhel8-operator:v4.12.0-202302111028.p0.gb6124a7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-02-20T00:00:00Z"}, {"advisory": "RHSA-2023:1270", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.12.0-202303081941.p0.gc56075a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-03-21T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-image-customization-controller-rhel8:v4.13.0-202304260928.p0.g8765166.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:1326", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-config-operator:v4.13.0-202304251516.p0.g70aa0a5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:0574", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "openshift4/ose-cluster-network-operator:v4.9.0-202301301454.p0.gbb98961.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2023-02-13T00:00:00Z"}, {"advisory": "RHSA-2023:0804", "cpe": "cpe:/a:redhat:openshift_gitops:1.5::el8", "package": "openshift-gitops-1/applicationset-rhel8:v1.5.10-6", "product_name": "Red Hat OpenShift GitOps 1.5", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0804", "cpe": "cpe:/a:redhat:openshift_gitops:1.5::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.5.10-6", "product_name": "Red Hat OpenShift GitOps 1.5", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0804", "cpe": "cpe:/a:redhat:openshift_gitops:1.5::el8", "package": "openshift-gitops-1/dex-rhel8:v1.5.10-6", "product_name": "Red Hat OpenShift GitOps 1.5", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0804", "cpe": "cpe:/a:redhat:openshift_gitops:1.5::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.5.10-6", "product_name": "Red Hat OpenShift GitOps 1.5", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0804", "cpe": "cpe:/a:redhat:openshift_gitops:1.5::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.5.10-6", "product_name": "Red Hat OpenShift GitOps 1.5", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0802", "cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.6.5-5", "product_name": "Red Hat OpenShift GitOps 1.6", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0802", "cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8", "package": "openshift-gitops-1/dex-rhel8:v1.6.5-5", "product_name": "Red Hat OpenShift GitOps 1.6", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0802", "cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.6.5-5", "product_name": "Red Hat OpenShift GitOps 1.6", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0802", "cpe": "cpe:/a:redhat:openshift_gitops:1.6::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.6.5-5", "product_name": "Red Hat OpenShift GitOps 1.6", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0803", "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.7.2-5", "product_name": "Red Hat OpenShift GitOps 1.7", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0803", "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8", "package": "openshift-gitops-1/dex-rhel8:v1.7.2-5", "product_name": "Red Hat OpenShift GitOps 1.7", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0803", "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.7.2-5", "product_name": "Red Hat OpenShift GitOps 1.7", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0803", "cpe": "cpe:/a:redhat:openshift_gitops:1.7::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.7.2-5", "product_name": "Red Hat OpenShift GitOps 1.7", "release_date": "2023-02-17T00:00:00Z"}, {"advisory": "RHSA-2023:0542", "cpe": "cpe:/a:redhat:service_mesh:2.3::el8", "package": "openshift-service-mesh/istio-rhel8-operator:2.3.1-10", "product_name": "Red Hat OpenShift Service Mesh 2.3 for RHEL 8", "release_date": "2023-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:1170", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.12::el8", "package": "odf4/mcg-rhel8-operator:v4.12.1-4", "product_name": "RHODF-4.12-RHEL-8", "release_date": "2023-03-08T00:00:00Z"}, {"advisory": "RHSA-2023:3742", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.13::el9", "package": "odf4/mcg-rhel9-operator:v4.13.0-41", "product_name": "RHODF-4.13-RHEL-9", "release_date": "2023-06-21T00:00:00Z"}], "bugzilla": {"description": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be", "id": "2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-331", "details": ["Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.", "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions."], "name": "CVE-2021-4238", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Not affected", "package_name": "cryostat-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/lokistack-gateway-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "helm", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "jenkins-operator-container", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-serverless-1/ingress-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-serverless-1/serving-queue-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Not affected", "package_name": "openshift-service-mesh/istio-cni-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "acm-multicluster-globalhub-agent-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-cluster-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-governance-policy-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-governance-policy-framework-addon-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-search-indexer-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-search-v2-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-volsync-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/cert-policy-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/config-policy-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-propagator-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-spec-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-status-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-template-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/iam-policy-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multiclusterhub-repo-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multiclusterhub-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-application-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-channel-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-subscription-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/rbac-query-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-aggregator-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-collector-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "helm", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/bare-metal-event-relay-operator-bundle", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/bare-metal-event-relay-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/kubernetes-nmstate-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/metallb-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-agent-installer-csr-approver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-alibaba-cloud-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-cluster-api-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capi-operator-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capi-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-node-tuning-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-platform-operators-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-docker-builder", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-filestore-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-hypershift-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-local-storage-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-openstack-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-metering-ansible-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-metering-helm-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-olm-rukpak-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-apiserver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-marketplace", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-registry-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-sdk-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ptp", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ptp-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-sriov-network-webhook", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vsphere-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ptp-must-gather-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/special-resource-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4-wincw/windows-machine-config-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-compliance-openscap-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-security-profiles-operator-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-tech-preview/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ose-ingress-node-firewall-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "poison-pill-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "redhat/redhat-operator-index", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-lvm-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers/osc-rhel8-operator", "product_name": "Red Hat Openshift Sandboxed Containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-bridge-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-openshift-bridge-rhel8-operator", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Not affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}], "public_date": "2022-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4238\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4238\nhttps://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1\nhttps://github.com/advisories/GHSA-3839-6r69-m497\nhttps://pkg.go.dev/vuln/GO-2022-0411"], "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object