{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45142", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-04T16:02:46.330Z", "datePublished": "2023-10-12T16:33:21.435Z", "dateUpdated": "2024-08-02T20:14:19.751Z"}, "containers": {"cna": {"title": "OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"}, {"name": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p", "tags": ["x_refsource_MISC"], "url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0"}, {"name": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223"}, {"name": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/"}], "affected": [{"vendor": "open-telemetry", "product": "opentelemetry-go-contrib", "versions": [{"version": "< 0.44.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-12T16:33:21.435Z"}, "descriptions": [{"lang": "en", "value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it."}], "source": {"advisory": "GHSA-rcjv-mgp8-qvmr", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.751Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"}, {"name": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0"}, {"name": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223"}, {"name": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*", "matchCriteriaId": "2E7726FA-0421-40C6-B36B-3B6618D81880", "versionEndExcluding": "0.44.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it."}, {"lang": "es", "value": "OpenTelemetry-Go Contrib es una colecci\u00f3n de paquetes de terceros para OpenTelemetry-Go. Un contenedor de controlador listo para usar agrega etiquetas `http.user_agent` y `http.method` que tienen cardinalidad independiente. Conduce al posible agotamiento de la memoria del servidor cuando se le env\u00edan muchas solicitudes maliciosas. Un atacante puede configurar f\u00e1cilmente el encabezado HTTP User-Agent o el m\u00e9todo HTTP para solicitudes para que sea aleatorio y largo. La librer\u00eda utiliza internamente `httpconv.ServerRequest` que registra cada valor para el `method` HTTP y el `User-Agent`. Para verse afectado, un programa debe utilizar el contenedor `otelhttp.NewHandler` y no filtrar ning\u00fan m\u00e9todo HTTP desconocido o agentes de usuario en el nivel de CDN, LB, middleware anterior, etc. La versi\u00f3n 0.44.0 solucion\u00f3 este problema cuando el Los valores recopilados para el atributo `http.request.method` se cambiaron para restringirlos a un conjunto de valores conocidos y se eliminaron otros atributos de alta cardinalidad. Como workaround para dejar de verse afectado, se puede utilizar `otelhttp.WithFilter()`, pero requiere una configuraci\u00f3n manual cuidadosa para no registrar ciertas solicitudes por completo. Para mayor comodidad y uso seguro de esta librer\u00eda, deber\u00eda marcar de forma predeterminada con la etiqueta \"unknown\" los m\u00e9todos HTTP no est\u00e1ndar y los agentes de usuario para mostrar que dichas solicitudes se realizaron pero no aumentan la cardinalidad. En caso de que alguien quiera seguir con el comportamiento actual, la API de la librer\u00eda deber\u00eda permitir habilitarlo."}], "id": "CVE-2023-45142", "lastModified": "2024-11-21T08:26:25.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-12T17:15:09.990", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHBA-2023:7648", "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9", "package": "migration-toolkit-virtualization/mtv-validation-rhel9:2.5.3-12", "product_name": "Migration Toolkit for Virtualization 2.5", "release_date": "2023-12-05T00:00:00Z"}, {"advisory": "RHSA-2023:7555", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-mustgather-rhel9:1.3.0-138", "product_name": "OADP-1.3-RHEL-9", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7555", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-velero-plugin-for-csi-rhel9:1.3.0-34", "product_name": "OADP-1.3-RHEL-9", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7555", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-velero-restic-restore-helper-rhel9:1.3.0-45", "product_name": "OADP-1.3-RHEL-9", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7555", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-velero-rhel9:1.3.0-50", "product_name": "OADP-1.3-RHEL-9", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2024:1859", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-rhel9-operator:1.3.1-40", "product_name": "OADP-1.3-RHEL-9", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.10.5-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-grafana-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-operator-bundle:v2.10.5-26", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.10.5-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.10.5-11", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.10.5-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/console-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/iam-policy-controller-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-client-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-metrics-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-rhel9:v2.10.5-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/metrics-collector-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.10.5-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.10.5-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/node-exporter-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/search-collector-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/submariner-addon-rhel9:v2.10.5-16", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:1328", "cpe": "cpe:/a:redhat:acm:2.9::el8", "package": "rhacm2/acm-governance-policy-addon-controller-rhel8:v2.9.3-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date": "2024-03-14T00:00:00Z"}, {"advisory": "RHSA-2024:4118", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-2:16.2.10-266.el9cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4118", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-ansible-0:6.0.28.8-1.el8cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-thanos-rhel8:v4.12.0-202402081808.p0.g2867a6b.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0660", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-thanos-rhel8:v4.13.0-202401292134.p0.g70fb57f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:6811", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.13.0-202409131306.p0.g6e7e783.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2023:7469", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-rhel8:v4.14.0-202311211133.p0.gedf3612.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7469", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.14.0-202311211133.p0.g71bd95e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7470", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-thanos-rhel8:v4.14.0-202311211133.p0.ga267125.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7599", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-multus-networkpolicy-rhel8:v4.14.0-202311271514.p0.gcd6eae1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-05T00:00:00Z"}, {"advisory": "RHSA-2023:7681", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-node-feature-discovery:v4.14.0-202312052033.p0.gaa5c125.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7682", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-prometheus:v4.14.0-202312051151.p0.gb7c61bc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7831", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-registry:v4.14.0-202312132033.p0.g3bb41f0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-03T00:00:00Z"}, {"advisory": "RHSA-2023:7831", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-telemeter:v4.14.0-202312132033.p0.gc683f65.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-03T00:00:00Z"}, {"advisory": "RHSA-2024:0050", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-olm-operator-rhel8:v4.14.0-202312211913.p0.g0dbbb61.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-09T00:00:00Z"}, {"advisory": "RHSA-2024:0050", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202312211913.p0.gd714b46.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-09T00:00:00Z"}, {"advisory": "RHSA-2024:0204", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.14.0-202401090715.p0.g6516b6e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-17T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.14.0-202401292111.p0.g7ad2773.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-api-rhel8:v4.14.0-202401292111.p0.gae83c55.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-monitoring-operator:v4.14.0-202401311150.p0.gcef0da4.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.14.0-202401292111.p0.gb04567f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:5433", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.14.0-202408070332.p0.g3985c55.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:6406", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.14.0-202408260910.p0.gaccd877.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4/ose-kubernetes-nmstate-handler-rhel9:v4.14.0-202401261353.p0.g203571f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-clusterresourceoverride-rhel9:v4.15.0-202401261531.p0.ge15d0ff.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-clusterresourceoverride-rhel9-operator:v4.15.0-202401261531.p0.g507210c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.15.0-202402100738.p0.g751262e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-secrets-store-csi-driver-rhel8-operator:v4.15.0-202402082307.p0.gfe43620.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-secrets-store-csi-mustgather-rhel8:v4.15.0-202402082307.p0.gfe43620.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.15.0-202402082307.p0.g41b367a.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel9-operator:v4.15.0-202401261531.p0.gf258bd0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.15.0-202402082307.p0.g160cf62.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel9:v4.15.0-202401261531.p0.gdcb7e1c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.g1c6294a.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-file-csi-driver-rhel9:v4.15.0-202401261531.p0.g364d90d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator:v4.15.0-202401261531.p0.g1afe553.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-monitoring-rhel9-operator:v4.15.0-202402060437.p0.ga13d634.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-node-tuning-rhel9-operator:v4.15.0-202402191707.p0.g01fc8d9.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-olm-operator-rhel8:v4.15.0-202402082307.p0.ga7ba898.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-storage-rhel9-operator:v4.15.0-202402050938.p0.g279df4f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-external-provisioner:v4.15.0-202402082307.p0.gce5a1a3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-external-provisioner-rhel8:v4.15.0-202402082307.p0.gce5a1a3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.g3b91ee3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.g516264a.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-multus-networkpolicy-rhel9:v4.15.0-202401261531.p0.g6212406.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-olm-operator-controller-rhel8:v4.15.0-202402082307.p0.ge290693.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.15.0-202402082307.p0.g2367f2c.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-powervs-block-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.ga3729dc.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel9:v4.15.0-202401261531.p0.g5ca428c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-powervs-cloud-controller-manager-rhel9:v4.15.0-202401261531.p0.g521b80d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-prometheus:v4.15.0-202401290854.p0.g6828e44.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-telemeter-rhel9:v4.15.0-202402201438.p0.g80992e5.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-thanos-rhel8:v4.15.0-202402082307.p0.g66161ad.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.ge0d4657.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel9:v4.15.0-202401261531.p0.g74481e3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.ge0d4657.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-csi-driver-rhel9:v4.15.0-202401261531.p0.g74481e3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel9:v4.15.0-202401261531.p0.g74481e3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-problem-detector-rhel9:v4.15.0-202401261531.p0.gde02a75.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2024:0766", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.15.0-202402051038.p0.g5af4e87.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:0766", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.15.0-202402051038.p0.ga05ecc6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:8991", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-agent-installer-api-server-rhel8:v4.15.0-202411060036.p0.g59ec115.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:2773", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-openshift-controller-manager-rhel9-operator:v4.15.0-202405032206.p0.g9c4fb81.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-aws-ebs-csi-driver-rhel9:v4.16.0-202406131906.p0.g1d29a74.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-cloud-controller-manager-rhel9:v4.16.0-202406131906.p0.g0e95532.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-disk-csi-driver-rhel9:v4.16.0-202406131906.p0.g6b55f6f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-file-csi-driver-rhel9:v4.16.0-202406131906.p0.g5ceb190.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-olm-rhel9-operator:v4.16.0-202406131906.p0.g27bf70d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-csi-external-provisioner-rhel9:v4.16.0-202406131906.p0.g9e8af01.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-gcp-cloud-controller-manager-rhel9:v4.16.0-202406131906.p0.g26b43df.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel9:v4.16.0-202406131906.p0.g60b7ca9.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-cloud-controller-manager-rhel9:v4.16.0-202406131906.p0.gf961f16.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-insights-rhel9-operator:v4.16.0-202406131906.p0.g3c7446c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-nutanix-cloud-controller-manager-rhel9:v4.16.0-202406131906.p0.gc9bbc44.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-olm-operator-controller-rhel9:v4.16.0-202406131906.p0.g80b8649.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel9:v4.16.0-202406131906.p0.g3cd689f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vsphere-csi-driver-rhel9:v4.16.0-202406131906.p0.g3cd689f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel9:v4.16.0-202406131906.p0.g3cd689f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:7921", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-ansible-rhel9-operator:v4.17.0-202410080934.p0.g1d4d62e.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-15T00:00:00Z"}, {"advisory": "RHSA-2024:7921", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-helm-rhel9-operator:v4.17.0-202410081406.p0.g3a3708d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-15T00:00:00Z"}, {"advisory": "RHSA-2024:7921", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-operator-sdk-rhel9:v4.17.0-202410081406.p0.g3a3708d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-15T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-agent-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-all-in-one-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-collector-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-es-index-cleaner-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-es-rollover-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-ingester-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/jaeger-query-rhel8:1.51.0-1", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/opentelemetry-collector-rhel8:0.89.0-2", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/tempo-gateway-rhel8:0.1.2-19", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/tempo-query-rhel8:0.6.0-3", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7663", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.0::el8", "package": "rhosdt/tempo-rhel8:2.3.0-2", "product_name": "Red Hat Openshift distributed tracing 3.0", "release_date": "2023-12-06T00:00:00Z"}], "bugzilla": {"description": "opentelemetry: DoS vulnerability in otelhttp", "id": "2245180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245180"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.", "A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting the availability."], "mitigation": {"lang": "en:us", "value": "As a workaround to stop being affected otelhttp.WithFilter() can be used.\nFor convenience and safe usage of this library, it should by default mark with the label unknown non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.\nThe other possibility is to disable HTTP metrics instrumentation by passing otelhttp.WithMeterProvider option with noop.NewMeterProvider."}, "name": "CVE-2023-45142", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/lokistack-gateway-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Will not fix", "package_name": "lvms4/lvms-must-gather-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Affected", "package_name": "lvms4/lvms-rhel9-operator", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Not affected", "package_name": "lvms4/topolvm-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-kubevirt-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-velero-plugin-for-aws-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-velero-plugin-for-gcp-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-volume-snapshot-mover-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Will not fix", "package_name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Will not fix", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel8", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Will not fix", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-mtping-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-storage-version-migration-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/ingress-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/knative-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/kourier-control-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/net-istio-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/net-istio-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serverless-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-activator-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-autoscaler-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-domain-mapping-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-queue-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-storage-version-migration-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-apicast-operator-bundle-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-apicast-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Affected", "package_name": "redhat-certification-cnf", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Affected", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Affected", "package_name": "redhat-certification-cnf", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Affected", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-tools", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/dpu-network-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ingress-node-firewall", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ingress-node-firewall-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/kube-metrics-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/kubernetes-nmstate-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/openshift-route-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-aws-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-azure-cloud-node-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-authentication-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-bootstrap", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capi-operator-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-etcd-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-image-registry-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-controller-manager-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-descheduler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-scheduler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-machine-approver", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-openshift-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-platform-operators-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-policy-controller-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-samples-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-version-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-manila-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-manila-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-nfs-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-driver-registrar", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-external-attacher", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-external-attacher-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-node-driver-registrar", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-csi-node-driver-registrar-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-descheduler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-docker-registry", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-haproxy-router", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-hyperkube", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-k8s-prometheus-adapter", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-kube-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-kube-rbac-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-kubernetes-nmstate-handler-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-kubevirt-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-local-storage-diskmaker", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-local-storage-mustgather-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-local-storage-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-aws-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-azure-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-gcp-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-openstack-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-node", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-nutanix-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-apiserver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-oauth-server-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openshift-apiserver-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-openshift-controller-manager-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openstack-cinder-csi-driver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-openstack-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openstack-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-marketplace", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-pod", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ptp", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ptp-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-service-ca-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-sriov-network-config-daemon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-sriov-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-sriov-network-webhook", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-sriov-operator-must-gather", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ovirt-csi-driver-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ptp-must-gather-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4-wincw/windows-machine-config-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift-tech-preview/metallb-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ose-haproxy-router-base-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-client-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-lvm-must-gather-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-lvm-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-topolvm-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "odh-mcad-controller-container", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-data-science-pipelines-operator-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-kf-notebook-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-api-server-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-artifact-manager-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-persistenceagent-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-viewercontroller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-model-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-modelmesh-serving-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-notebook-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-all-in-one-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-es-index-cleaner-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-es-rollover-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-ingester-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-gateway-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/kam-delivery-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/cluster-network-addons-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2023-10-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-45142\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45142\nhttps://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"], "statement": "While no authentication is required, there are a significant number of non-default factors which prevent widespread exploitation of this flaw. For a service to be affected, all of the following must be true:\n* The go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp package must be in use\n* Configured a metrics pipeline which uses the otelhttp.NewHandler wrapper function\n* No filtering of unknown HTTP methods or user agents at a higher level (such as Content Delivery Network/Load Balancer/etc...)\nDue to the limited attack surface, Red Hat Product Security rates the impact as Moderate.", "threat_severity": "Moderate", "upstream_fix": "opentelemetry-go 0.44.0"}