CVE-2023-37788 - Vulnerability Details

goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Goproxy Project	Goproxy
Redhat	Acm Openshift Openshift Data Foundation Openshift Gitops Openstack

Configuration 1 [-]

cpe:2.3:a:goproxy_project:goproxy:1.1:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9
rhacm2/acm-cli-rhel9:v2.12.0-17	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-cluster-permission-rhel9:v2.12.0-13	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-governance-policy-addon-controller-rhel9:v2.12.0-27	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-governance-policy-framework-addon-rhel9:v2.12.0-20	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-grafana-rhel9:v2.12.0-17	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-multicluster-observability-addon-rhel9:v2.12.0-20	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-must-gather-rhel9:v2.12.0-35	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-operator-bundle:v2.12.0-114	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-prometheus-config-reloader-rhel9:v2.12.0-16	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-prometheus-rhel9:v2.12.0-16	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-search-indexer-rhel9:v2.12.0-12	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-search-v2-api-rhel9:v2.12.0-15	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-search-v2-rhel9:v2.12.0-13	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-siteconfig-rhel9:v2.12.0-24	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/acm-volsync-addon-controller-rhel9:v2.12.0-22	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/cert-policy-controller-rhel9:v2.12.0-22	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/cluster-backup-rhel9-operator:v2.12.0-37	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/config-policy-controller-rhel9:v2.12.0-31	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/console-rhel9:v2.12.0-68	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/endpoint-monitoring-rhel9-operator:v2.12.0-39	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/governance-policy-propagator-rhel9:v2.12.0-29	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/grafana-dashboard-loader-rhel9:v2.12.0-39	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/insights-client-rhel9:v2.12.0-18	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/insights-metrics-rhel9:v2.12.0-18	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/klusterlet-addon-controller-rhel9:v2.12.0-12	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/kube-rbac-proxy-rhel9:v2.12.0-13	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/kube-state-metrics-rhel9:v2.12.0-17	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/memcached-exporter-rhel9:v2.12.0-10	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/memcached-rhel9:v2.12.0-7	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/metrics-collector-rhel9:v2.12.0-39	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/multicloud-integrations-rhel9:v2.12.0-12	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/multiclusterhub-rhel9:v2.12.0-51	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/multicluster-observability-rhel9-operator:v2.12.0-39	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/multicluster-operators-application-rhel9:v2.12.0-14	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/multicluster-operators-channel-rhel9:v2.12.0-12	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/multicluster-operators-subscription-rhel9:v2.12.0-24	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/node-exporter-rhel9:v2.12.0-10	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/observatorium-rhel9:v2.12.0-16	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/observatorium-rhel9-operator:v2.12.0-17	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/prometheus-alertmanager-rhel9:v2.12.0-12	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/prometheus-rhel9:v2.12.0-14	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/rbac-query-proxy-rhel9:v2.12.0-39	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/search-collector-rhel9:v2.12.0-21	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/submariner-addon-rhel9:v2.12.0-24	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/thanos-receive-controller-rhel9:v2.12.0-13	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
rhacm2/thanos-rhel9:v2.12.0-18	cpe:/a:redhat:acm:2.12::el9	RHSA-2024:8974	2024-11-06T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift4/ose-aws-ebs-csi-driver-rhel8:v4.14.0-202310201027.p0.g2e2e277.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-azure-disk-csi-driver-rhel8:v4.14.0-202310201027.p0.gb19eec1.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g4db2f8a.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.g43838ae.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-azure-file-csi-driver-rhel8:v4.14.0-202310201027.p0.gf401f53.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-authentication-operator:v4.14.0-202310201027.p0.gbebf0fd.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-bootstrap:v4.14.0-202310201027.p0.g93fba13.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-config-operator:v4.14.0-202310201027.p0.gfa99c08.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.14.0-202310201027.p0.g5d8bae8.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-etcd-rhel8-operator:v4.14.0-202310201027.p0.ga30b074.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-kube-apiserver-operator:v4.14.0-202310201027.p0.g8b38d12.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.14.0-202310201027.p0.g332cb1c.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-cluster-openshift-apiserver-operator:v4.14.0-202310201027.p0.g00f7e4c.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-csi-driver-manila-rhel8-operator:v4.14.0-202310201027.p0.gea34192.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.g92376a4.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.gfaf68ed.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-insights-rhel8-operator:v4.14.0-202310201027.p0.g303ad01.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-kube-storage-version-migrator-rhel8:v4.14.0-202310201027.p0.g8558e14.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-machine-api-provider-openstack-rhel8:v4.14.0-202310201027.p0.g47ad284.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-network-metrics-daemon-rhel8:v4.14.0-202310201027.p0.g5fd1f2d.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-oauth-proxy:v4.14.0-202310201027.p0.g55e0cd1.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g5e20bfc.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-powervs-block-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.g48b56bb.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202310201027.p0.ge9694ce.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-service-ca-operator:v4.14.0-202310201027.p0.g030a429.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.gf7afb64.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.gf7afb64.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5006	2023-10-31T00:00:00Z
openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.ge7d739f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g413ab3a.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-dp-admission-controller:v4.14.0-202310201027.p0.g82a744e.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-device-plugin:v4.14.0-202310201027.p0.g518f258.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5007	2023-10-31T00:00:00Z
openshift-0:4.14.0-202310210404.p0.gf67aeb3.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift4/ose-sriov-network-webhook:v4.14.0-202407292140.p0.g96c2605.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:4959	2024-08-07T00:00:00Z
openshift4/ose-agent-installer-node-agent-rhel9:v4.14.0-202409231809.p0.g4106eb4.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el9	RHSA-2024:7184	2024-10-03T00:00:00Z
Red Hat OpenShift Container Platform 4.15
openshift4/ose-agent-installer-csr-approver-rhel8:v4.15.0-202402151807.p0.g5305999.assembly.stream.el8	cpe:/a:redhat:openshift:4.15::el8	RHSA-2023:7198	2024-02-27T00:00:00Z
openshift4/ose-apiserver-network-proxy-rhel9:v4.15.0-202401261531.p0.gdc30b80.assembly.stream	cpe:/a:redhat:openshift:4.15::el8	RHSA-2023:7198	2024-02-27T00:00:00Z
openshift4/ose-vsphere-csi-driver-syncer-rhel9:v4.15.0-202401261531.p0.g74481e3.assembly.stream	cpe:/a:redhat:openshift:4.15::el8	RHSA-2023:7198	2024-02-27T00:00:00Z
openshift4/ose-agent-installer-node-agent-rhel9:v4.15.0-202405032206.p0.ga20e7ea.assembly.stream.el9	cpe:/a:redhat:openshift:4.15::el9	RHSA-2024:2773	2024-05-15T00:00:00Z
Red Hat OpenShift Container Platform 4.16
openshift4/ose-sriov-network-webhook-rhel9:v4.16.0-202407100107.p0.gb04c39c.assembly.stream.el9	cpe:/a:redhat:openshift:4.16::el9	RHSA-2024:4468	2024-07-16T00:00:00Z
Red Hat OpenShift GitOps 1.10
openshift-gitops-kam-0:1.10.0-34.el8	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2023:5407	2023-09-29T00:00:00Z
Red Hat OpenStack Platform 16.2
rhosp-rhel8/osp-director-agent:1.3.0-14	cpe:/a:redhat:openstack:16.2::el8	RHSA-2024:3479	2024-05-29T00:00:00Z
rhosp-rhel8/osp-director-downloader:1.3.0-14	cpe:/a:redhat:openstack:16.2::el8	RHSA-2024:3479	2024-05-29T00:00:00Z
rhosp-rhel8/osp-director-operator:1.3.0-12	cpe:/a:redhat:openstack:16.2::el8	RHSA-2024:3479	2024-05-29T00:00:00Z
rhosp-rhel8/osp-director-operator-bundle:1.3.0-26	cpe:/a:redhat:openstack:16.2::el8	RHSA-2024:3479	2024-05-29T00:00:00Z
RHODF-4.14-RHEL-9
odf4/rook-ceph-rhel9-operator:v4.14.0-71	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2023:6832	2023-11-08T00:00:00Z

References

Link	Providers
https://github.com/advisories/GHSA-4r8x-2p26-976p
https://github.com/elazarl/goproxy
https://github.com/elazarl/goproxy/issues/502
https://github.com/elazarl/goproxy/pull/507
https://nvd.nist.gov/vuln/detail/CVE-2023-37788
https://www.cve.org/CVERecord?id=CVE-2023-37788

History

Thu, 07 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat acm
CPEs		cpe:/a:redhat:acm:2.12::el9
Vendors & Products		Redhat acm

Mon, 28 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 04 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el9

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-18T00:00:00

Updated: 2024-10-28T15:39:57.437Z

Reserved: 2023-07-10T00:00:00

Link: CVE-2023-37788

Vulnrichment

Updated: 2024-08-02T17:23:27.482Z

NVD

Status : Modified

Published: 2023-07-18T19:15:10.060

Modified: 2024-11-21T08:12:15.867

Link: CVE-2023-37788

Redhat

Severity : Moderate

Publid Date: 2023-07-18T00:00:00Z

Links: CVE-2023-37788 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-37788", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-28T15:39:57.437Z", "dateReserved": "2023-07-10T00:00:00", "datePublished": "2023-07-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/elazarl/goproxy"}, {"url": "https://github.com/elazarl/goproxy/issues/502"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.482Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/elazarl/goproxy", "tags": ["x_transferred"]}, {"url": "https://github.com/elazarl/goproxy/issues/502", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-28T15:39:45.820850Z", "id": "CVE-2023-37788", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T15:39:57.437Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/elazarl/goproxy", "tags": ["x_transferred"]}, {"url": "https://github.com/elazarl/goproxy/issues/502", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.482Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37788", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-28T15:39:45.820850Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T15:39:53.287Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/elazarl/goproxy"}, {"url": "https://github.com/elazarl/goproxy/issues/502"}], "descriptions": [{"lang": "en", "value": "goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-18T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-37788", "state": "PUBLISHED", "dateUpdated": "2024-10-28T15:39:57.437Z", "dateReserved": "2023-07-10T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-18T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:goproxy_project:goproxy:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2191FE45-7A9D-4899-AAE8-C4C2844D46E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors."}], "id": "CVE-2023-37788", "lastModified": "2024-11-21T08:12:15.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-18T19:15:10.060", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/elazarl/goproxy"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/elazarl/goproxy/issues/502"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/elazarl/goproxy"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/elazarl/goproxy/issues/502"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-cli-rhel9:v2.12.0-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.12.0-13", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.12.0-27", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.12.0-20", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-grafana-rhel9:v2.12.0-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-multicluster-observability-addon-rhel9:v2.12.0-20", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.12.0-35", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-operator-bundle:v2.12.0-114", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.12.0-16", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.12.0-16", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.12.0-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.12.0-15", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.12.0-13", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-siteconfig-rhel9:v2.12.0-24", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.12.0-22", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.12.0-22", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.12.0-37", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.12.0-31", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/console-rhel9:v2.12.0-68", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.12.0-39", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.12.0-29", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.12.0-39", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/insights-client-rhel9:v2.12.0-18", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/insights-metrics-rhel9:v2.12.0-18", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.12.0-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.12.0-13", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.12.0-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.12.0-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/memcached-rhel9:v2.12.0-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/metrics-collector-rhel9:v2.12.0-39", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.12.0-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.12.0-51", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.12.0-39", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.12.0-14", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.12.0-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.12.0-24", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/node-exporter-rhel9:v2.12.0-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/observatorium-rhel9:v2.12.0-16", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.12.0-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.12.0-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/prometheus-rhel9:v2.12.0-14", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.12.0-39", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/search-collector-rhel9:v2.12.0-21", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/submariner-addon-rhel9:v2.12.0-24", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.12.0-13", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8974", "cpe": "cpe:/a:redhat:acm:2.12::el9", "package": "rhacm2/thanos-rhel9:v2.12.0-18", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.14.0-202310201027.p0.g2e2e277.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.14.0-202310201027.p0.gb19eec1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g4db2f8a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.g43838ae.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-file-csi-driver-rhel8:v4.14.0-202310201027.p0.gf401f53.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-authentication-operator:v4.14.0-202310201027.p0.gbebf0fd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-bootstrap:v4.14.0-202310201027.p0.g93fba13.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-config-operator:v4.14.0-202310201027.p0.gfa99c08.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.14.0-202310201027.p0.g5d8bae8.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-etcd-rhel8-operator:v4.14.0-202310201027.p0.ga30b074.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-kube-apiserver-operator:v4.14.0-202310201027.p0.g8b38d12.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.14.0-202310201027.p0.g332cb1c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-openshift-apiserver-operator:v4.14.0-202310201027.p0.g00f7e4c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.14.0-202310201027.p0.gea34192.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.g92376a4.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.gfaf68ed.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-insights-rhel8-operator:v4.14.0-202310201027.p0.g303ad01.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.14.0-202310201027.p0.g8558e14.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.14.0-202310201027.p0.g47ad284.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-network-metrics-daemon-rhel8:v4.14.0-202310201027.p0.g5fd1f2d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-oauth-proxy:v4.14.0-202310201027.p0.g55e0cd1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g5e20bfc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-block-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.g48b56bb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202310201027.p0.ge9694ce.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-service-ca-operator:v4.14.0-202310201027.p0.g030a429.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.gf7afb64.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.14.0-202310201027.p0.gf7afb64.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.ge7d739f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g413ab3a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-dp-admission-controller:v4.14.0-202310201027.p0.g82a744e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5007", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-device-plugin:v4.14.0-202310201027.p0.g518f258.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5009", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-0:4.14.0-202310210404.p0.gf67aeb3.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2024:4959", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-sriov-network-webhook:v4.14.0-202407292140.p0.g96c2605.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:7184", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel9:v4.14.0-202409231809.p0.g4106eb4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-agent-installer-csr-approver-rhel8:v4.15.0-202402151807.p0.g5305999.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-apiserver-network-proxy-rhel9:v4.15.0-202401261531.p0.gdc30b80.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel9:v4.15.0-202401261531.p0.g74481e3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2024:2773", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel9:v4.15.0-202405032206.p0.ga20e7ea.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:4468", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-sriov-network-webhook-rhel9:v4.16.0-202407100107.p0.gb04c39c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-16T00:00:00Z"}, {"advisory": "RHSA-2023:5407", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-kam-0:1.10.0-34.el8", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2023-09-29T00:00:00Z"}, {"advisory": "RHSA-2024:3479", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-agent:1.3.0-14", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3479", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-downloader:1.3.0-14", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3479", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-operator:1.3.0-12", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3479", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-operator-bundle:1.3.0-26", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2023:6832", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.14.0-71", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "goproxy: Denial of service (DoS) via unspecified vectors.", "id": "2224245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224245"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.", "A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path \"/\" with an asterisk \"*\"."], "name": "CVE-2023-37788", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Not affected", "package_name": "cryostat-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/cluster-logging-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch-proxy-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/eventrouter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/lokistack-gateway-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/opa-openshift-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Affected", "package_name": "lvms4/lvms-rhel9-operator", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Not affected", "package_name": "lvms4/topolvm-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Not affected", "package_name": "rhmtc/openshift-migration-velero-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-controller-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Not affected", "package_name": "workload-availability/node-maintenance-rhel8-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Not affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel9", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Not affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Not affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/eventing-mtping-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/ingress-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/kourier-control-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/net-istio-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/serving-queue-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-apicast-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "acm-multicluster-globalhub-agent-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/acm-cluster-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-spec-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-status-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/governance-policy-template-sync-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/iam-policy-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/lighthouse-agent-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/management-ingress-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/multiclusterhub-repo-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-aggregator-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/submariner-gateway-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/volsync-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cloud-event-proxy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/dpu-network-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/egress-router-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ingress-node-firewall-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/kubernetes-nmstate-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/kubevirt-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/metallb-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-alibaba-cloud-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-alibaba-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-cluster-api-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-aws-efs-csi-driver-container-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-baremetal-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-baremetal-runtimecfg-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cloud-event-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cloud-event-proxy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-api-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-autoscaler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-baremetal-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capi-operator-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capi-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-dns-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-image-registry-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-machine-approver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-monitoring-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-openshift-controller-manager-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-platform-operators-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-clusterresourceoverride-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-clusterresourceoverride-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-version-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-container-networking-plugins-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-contour-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-coredns-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-manila-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-nfs-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-shared-resource-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-external-attacher", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-external-attacher-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-external-resizer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-external-resizer-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-livenessprobe", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-livenessprobe-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-node-driver-registrar", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-node-driver-registrar-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-snapshot-controller", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-snapshot-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-descheduler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-docker-builder", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-docker-registry", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-filestore-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-pd-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-image-customization-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-k8s-prometheus-adapter-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-kube-rbac-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-kube-state-metrics-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kubevirt-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-libvirt-machine-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-aws-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-azure-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-gcp-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-machine-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-admission-controller-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-cni", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-networkpolicy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-network-interface-bond-cni-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-node-feature-discovery", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-nutanix-cloud-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-nutanix-machine-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-oauth-apiserver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-olm-rukpak-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-openshift-apiserver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-openshift-controller-manager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-openshift-state-metrics-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openstack-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-marketplace", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-registry-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-sdk-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-ovirt-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-powervs-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-powervs-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-prometheus", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-prometheus-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-prom-label-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-ptp", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-ptp-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-sdn-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-telemeter", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-thanos-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-tools-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vsphere-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ovirt-csi-driver-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ovirt-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4-wincw/windows-machine-config-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-security-profiles-operator-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift-tech-preview/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "redhat/redhat-operator-index", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "sandboxed-containers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Not affected", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Not affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/volume-replication-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-lvm-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-topolvm-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/volume-replication-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-data-science-pipelines-operator-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-model-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-modelmesh-runtime-adapter-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-modelmesh-serving-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-notebook-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-operator-base-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Not affected", "package_name": "rabbitmq-cluster-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-bridge-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-openshift-bridge-rhel8-operator", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2023-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-37788\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37788\nhttps://github.com/advisories/GHSA-4r8x-2p26-976p\nhttps://github.com/elazarl/goproxy/issues/502\nhttps://github.com/elazarl/goproxy/pull/507"], "statement": "Goproxy is only susceptible to this vulnerability when used in MITM (Man In The Middle) mode. This use case is not relevant to any Red Hat products, so the impact is rated as Moderate.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object