{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41722", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2022-09-28T17:00:06.610Z", "datePublished": "2023-02-28T17:19:41.324Z", "dateUpdated": "2024-08-03T12:49:43.602Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:05:50.152Z"}, "title": "Path traversal on Windows in path/filepath", "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\"."}], "affected": [{"vendor": "Go standard library", "product": "path/filepath", "collectionURL": "https://pkg.go.dev", "packageName": "path/filepath", "versions": [{"version": "0", "lessThan": "1.19.6", "status": "affected", "versionType": "semver"}, {"version": "1.20.0-0", "lessThan": "1.20.1", "status": "affected", "versionType": "semver"}], "platforms": ["windows"], "programRoutines": [{"name": "Clean"}, {"name": "Abs"}, {"name": "Dir"}, {"name": "EvalSymlinks"}, {"name": "Glob"}, {"name": "IsLocal"}, {"name": "Join"}, {"name": "Rel"}, {"name": "Walk"}, {"name": "WalkDir"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted\nDirectory (\"Path Traversal\")\n"}]}], "references": [{"url": "https://go.dev/issue/57274"}, {"url": "https://go.dev/cl/468123"}, {"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1568"}], "credits": [{"lang": "en", "value": "RyotaK (https://ryotak.net)"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.602Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/57274", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/468123", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1568", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "2219CF76-6D17-487E-9B67-BC49E4743528", "versionEndExcluding": "1.19.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:1.20.0:-:*:*:*:*:*:*", "matchCriteriaId": "B78574DF-045C-4A26-B0F5-8C082B24D9FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\"."}], "id": "CVE-2022-41722", "lastModified": "2024-11-21T07:23:44.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-28T18:15:09.887", "references": [{"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/cl/468123"}, {"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/57274"}, {"source": "security@golang.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"source": "security@golang.org", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://go.dev/cl/468123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/57274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1568"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1325", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-clients-0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-18T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-o-0:1.26.3-7.rhaos4.13.gitec064c9.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-tools-0:1.26.0-2.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-0:4.13.0-202305301919.p0.g0001a21.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-clients-0:4.13.0-202305291355.p0.g1024efc.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}], "bugzilla": {"description": "golang: path/filepath: path-filepath filepath.Clean path traversal", "id": "2203008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203008"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "A flaw was found in Go, where it could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests by the filepath.Clean on Windows package. This flaw allows an attacker to send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."], "name": "CVE-2022-41722", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Under investigation", "package_name": "cryostat-20-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Not affected", "package_name": "mta/mta-hub-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Not affected", "package_name": "rhmtc/openshift-velero-plugin-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-rhel8-operator", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Not affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-rhel8-operator", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Not affected", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability:4", "fix_state": "Not affected", "package_name": "node-maintenance-operator-container", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Not affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel8", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Not affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Not affected", "package_name": "openshift-golang-builder-container", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/subctl-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "receptor", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Not affected", "package_name": "skupper-cli", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Not affected", "package_name": "skupper-router", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Not affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Not affected", "package_name": "go-toolset-1.19-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "go-toolset:rhel8/golang", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ignition", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "runc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "butane", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon-rs", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ignition", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "skopeo", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "mcg", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Not affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-kam", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Not affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Not affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "yggdrasil-worker-forwarder", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "go-toolset-7-golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Not affected", "package_name": "web-terminal-operator-container", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Not affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.4::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.4 for RHEL 8"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.5 for RHEL 8"}], "public_date": "2023-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-41722\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41722"], "statement": "This CVE is specific to versions of Go on Windows. It does not affect any packages shipped with Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.\nThe following components were fixed in RHSA-2023:3366 and have therefore been marked as \"Not Affected\": `openshift`, `cri-tools`, `cri-o`, `containernetworking-plugins` and `conmon`", "threat_severity": "Moderate", "upstream_fix": "Go 1.20.1, Go 1.19.6"}