{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47108", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.673Z", "datePublished": "2023-11-10T18:31:33.730Z", "dateUpdated": "2024-09-03T17:26:56.850Z"}, "containers": {"cna": {"title": "DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics ", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138"}, {"name": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider", "tags": ["x_refsource_MISC"], "url": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider"}], "affected": [{"vendor": "open-telemetry", "product": "opentelemetry-go-contrib", "versions": [{"version": "< 0.46.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T18:31:33.730Z"}, "descriptions": [{"lang": "en", "value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`."}], "source": {"advisory": "GHSA-8pgv-569h-w5rw", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.674Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327"}, {"name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138"}, {"name": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T17:26:16.403179Z", "id": "CVE-2023-47108", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T17:26:56.850Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider", "name": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.674Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47108", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T17:26:16.403179Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T17:26:51.944Z"}}], "cna": {"title": "DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics ", "source": {"advisory": "GHSA-8pgv-569h-w5rw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "open-telemetry", "product": "opentelemetry-go-contrib", "versions": [{"status": "affected", "version": "< 0.46.0"}]}], "references": [{"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138", "name": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138", "tags": ["x_refsource_MISC"]}, {"url": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider", "name": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-10T18:31:33.730Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47108", "state": "PUBLISHED", "dateUpdated": "2024-09-03T17:26:56.850Z", "dateReserved": "2023-10-30T19:57:51.673Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-10T18:31:33.730Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*", "matchCriteriaId": "3F6FEFCC-23A7-4CB6-BC7E-5D6B3872786A", "versionEndExcluding": "0.46.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`."}, {"lang": "es", "value": "OpenTelemetry-Go Contrib es una colecci\u00f3n de paquetes de terceros para OpenTelemetry-Go. Antes de la versi\u00f3n 0.46.0, grpc Unary Server Interceptor agrega etiquetas `net.peer.sock.addr` y `net.peer.sock.port` que tienen cardinalidad independiente. Conduce al posible agotamiento de la memoria del servidor cuando se env\u00edan muchas solicitudes maliciosas. Un atacante puede inundar f\u00e1cilmente la direcci\u00f3n y el puerto del par para solicitudes. La versi\u00f3n 0.46.0 contiene una soluci\u00f3n para este problema. Como workaround para dejar de verse afectado, se puede utilizar una vista que elimine los atributos. La otra posibilidad es deshabilitar la instrumentaci\u00f3n de m\u00e9tricas de grpc pasando la opci\u00f3n `otelgrpc.WithMeterProvider` con `noop.NewMeterProvider`."}], "id": "CVE-2023-47108", "lastModified": "2023-11-20T19:34:26.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-10T19:15:16.410", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.10.5-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-grafana-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-operator-bundle:v2.10.5-26", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.10.5-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.10.5-11", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.10.5-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/console-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.10.5-8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/iam-policy-controller-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-client-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-metrics-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-rhel9:v2.10.5-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/metrics-collector-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.10.5-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.10.5-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/node-exporter-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.10.5-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/search-collector-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/submariner-addon-rhel9:v2.10.5-16", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.10.5-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6236", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-rhel9:v2.10.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:1328", "cpe": "cpe:/a:redhat:acm:2.9::el8", "package": "rhacm2/acm-governance-policy-addon-controller-rhel8:v2.9.3-9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date": "2024-03-14T00:00:00Z"}, {"advisory": "RHSA-2024:0489", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "cri-o-0:1.25.5-6.rhaos4.12.gitfcf6ef3.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0288", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-o-0:1.26.4-9.1.rhaos4.13.gite26e057.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-01-24T00:00:00Z"}, {"advisory": "RHSA-2024:0741", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.13.0-202402070238.p0.gf116a0d.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2023:7681", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-rhel8:v4.14.0-202312060650.p0.g535611f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7681", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.14.0-202312060650.p0.gced4734.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7681", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-node-feature-discovery:v4.14.0-202312052033.p0.gaa5c125.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7831", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-block-csi-driver-operator-rhel8:v4.14.0-202312090034.p0.ga33b6b1.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-03T00:00:00Z"}, {"advisory": "RHSA-2023:7831", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202312082233.p0.g90e87d7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-03T00:00:00Z"}, {"advisory": "RHSA-2023:7831", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.14.0-202312082333.p0.g32c1028.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-03T00:00:00Z"}, {"advisory": "RHSA-2024:0204", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.14.0-202401090715.p0.g6516b6e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-17T00:00:00Z"}, {"advisory": "RHSA-2024:0207", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "cri-o-0:1.27.2-7.rhaos4.14.git1cc7a64.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-17T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.14.0-202401292111.p0.g607e2dd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:1458", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-registry:v4.14.0-202403191142.p0.gdcfcfb3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1891", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-kubevirt-cloud-controller-manager-rhel8:v4.14.0-202404161544.p0.g7d96f56.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-04-26T00:00:00Z"}, {"advisory": "RHSA-2024:5433", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.14.0-202408070332.p0.gd9800e1.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:5433", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.14.0-202408070332.p0.g3985c55.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:6406", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.14.0-202408260910.p0.gaccd877.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.15.0-202402100738.p0.g751262e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-node-feature-discovery-rhel9:v4.15.0-202401311148.p0.ge4929ab.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7197", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-secrets-store-csi-mustgather-rhel8:v4.15.0-202402082307.p0.gfe43620.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.15.0-202402082307.p0.g41b367a.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-cloud-controller-manager-rhel9:v4.15.0-202401261531.p0.gba252ab.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel9:v4.15.0-202401261531.p0.gb692edb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel9-operator:v4.15.0-202401261531.p0.gf258bd0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.15.0-202402082307.p0.g160cf62.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-disk-csi-driver-rhel9:v4.15.0-202401261531.p0.gdcb7e1c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.g1c6294a.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-file-csi-driver-rhel9:v4.15.0-202401261531.p0.g364d90d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator:v4.15.0-202401261531.p0.g1afe553.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cluster-storage-rhel9-operator:v4.15.0-202402050938.p0.g279df4f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.15.0-202402082307.p0.g8d017b7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-external-provisioner:v4.15.0-202402082307.p0.gce5a1a3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-external-provisioner-rhel8:v4.15.0-202402082307.p0.gce5a1a3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-node-driver-registrar:v4.15.0-202402082307.p0.g9005584.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.15.0-202402082307.p0.g9005584.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.g3b91ee3.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.g516264a.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.15.0-202402082307.p0.g2367f2c.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.ge0d4657.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.15.0-202402082307.p0.ge0d4657.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel9:v4.15.0-202401261531.p0.g74481e3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2023:7198", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-vsphere-problem-detector-rhel9:v4.15.0-202401261531.p0.gde02a75.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2024:0766", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.15.0-202402051038.p0.ga05ecc6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1449", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-operator-registry-rhel9:v4.15.0-202403111911.p0.g59aa935.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:1887", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-kubevirt-cloud-controller-manager-rhel9:v4.15.0-202404161612.p0.gdbaf9ea.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-04-25T00:00:00Z"}, {"advisory": "RHSA-2024:2773", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-openshift-controller-manager-rhel9-operator:v4.15.0-202405032206.p0.g9c4fb81.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:2865", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-azure-cloud-node-manager-rhel9:v4.15.0-202405131916.p0.g0d799a2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-21T00:00:00Z"}, {"advisory": "RHSA-2024:6409", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-ibm-cloud-controller-manager-rhel9:v4.15.0-202409040406.p0.gcc0d541.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6637", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-vsphere-cloud-controller-manager-rhel9:v4.15.0-202409100606.p0.g81ad52a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-aws-cloud-controller-manager-rhel9:v4.16.0-202406131906.p0.ga53e9de.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-aws-ebs-csi-driver-rhel9:v4.16.0-202406131906.p0.g1d29a74.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-aws-ebs-csi-driver-rhel9-operator:v4.16.0-202406131906.p0.gff69cd0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-disk-csi-driver-rhel9-operator:v4.16.0-202406131906.p0.gff69cd0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-file-csi-driver-operator-rhel9:v4.16.0-202406131906.p0.gff69cd0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-file-csi-driver-rhel9:v4.16.0-202406131906.p0.g5ceb190.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-csi-snapshot-controller-rhel9-operator:v4.16.0-202406131906.p0.g439826e.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-monitoring-rhel9-operator:v4.16.0-202406131906.p0.ge008398.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-openshift-controller-manager-rhel9-operator:v4.16.0-202406131906.p0.g8996996.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-storage-rhel9-operator:v4.16.0-202406131906.p0.g7cb8267.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-csi-driver-manila-rhel9-operator:v4.16.0-202406131906.p0.g6de0dc7.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-csi-external-provisioner-rhel9:v4.16.0-202406131906.p0.g9e8af01.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-csi-node-driver-registrar-rhel9:v4.16.0-202406131906.p0.g8930c36.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-gcp-pd-csi-driver-operator-rhel9:v4.16.0-202406131906.p0.g799327f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator:v4.16.0-202406131906.p0.g34fc9a4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-insights-rhel9-operator:v4.16.0-202406131906.p0.g3c7446c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-openshift-controller-manager-rhel9:v4.16.0-202406131906.p0.g1432fe0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel9-operator:v4.16.0-202406131906.p0.g483de9c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vsphere-csi-driver-rhel9-operator:v4.16.0-202406131906.p0.g483de9c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel9:v4.16.0-202406131906.p0.g3cd689f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:6632", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-vsphere-cloud-controller-manager-rhel9:v4.16.0-202409060744.p0.g44ea2b5.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:4591", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-csi-addons-sidecar-rhel9:v4.16.0-15", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-07-17T00:00:00Z"}], "bugzilla": {"description": "opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics", "id": "2251198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251198"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.", "A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system."], "mitigation": {"lang": "en:us", "value": "As a workaround, use a view removing the attributes. Another possibility is to disable grpc metrics instrumentation by passing otelgrpc.WithMeterProvider option with noop.NewMeterProvider."}, "name": "CVE-2023-47108", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:kube_descheduler_operator:5", "fix_state": "Not affected", "package_name": "kube-descheduler-operator/descheduler-rhel9", "product_name": "Kube Descheduler Operator"}, {"cpe": "cpe:/a:redhat:kube_descheduler_operator:5", "fix_state": "Not affected", "package_name": "kube-descheduler-operator/kube-descheduler-rhel9-operator", "product_name": "Kube Descheduler Operator"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Affected", "package_name": "lvms4/lvms-rhel9-operator", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Will not fix", "package_name": "lvms4/topolvm-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/addon-manager-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/agent-service-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/hive-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/hypershift-addon-rhel8-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/multicloud-manager-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/multicluster-engine-hypershift-addon-rhel8-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/placement-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/registration-operator-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/registration-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/work-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-kubevirt-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-rhel8-operator", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-aws-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-csi-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-gcp-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-volume-snapshot-mover-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Not affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Not affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel8", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Not affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/eventing-mtping-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/ingress-rhel8-operator", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/kourier-control-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/net-istio-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/serving-queue-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Not affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Not affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ignition", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-tools", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/kube-metrics-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/openshift-route-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-azure-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-baremetal-cluster-api-controllers-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cloud-credential-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-authentication-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-bootstrap", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-etcd-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-image-registry-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-controller-manager-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-descheduler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-scheduler-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-machine-approver", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-node-tuning-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-olm-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-openshift-apiserver-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-policy-controller-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-samples-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-version-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-console-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-manila-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-csi-driver-nfs-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-descheduler", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-etcd", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-gcp-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-haproxy-router", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-k8s-prometheus-adapter", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kube-rbac-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-aws-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-azure-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-api-provider-gcp-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-multus-networkpolicy-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-node", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-nutanix-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-nutanix-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-oauth-apiserver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-oauth-server-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-apiserver-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openstack-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openstack-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ptp", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ptp-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-service-ca-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-smb-csi-driver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-smb-csi-driver-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ose-aws-ecr-image-credential-provider", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ose-azure-acr-image-credential-provider", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ose-haproxy-router-base-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-client-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-lvm-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-topolvm-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "odh-mcad-controller-container", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-data-science-pipelines-operator-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-model-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-modelmesh-serving-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-notebook-controller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-operator-base-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/tempo-gateway-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}], "public_date": "2023-11-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-47108\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47108\nhttps://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw"], "statement": "While no authentication is required, there are a significant number of non-default factors that prevent widespread exploitation of this issue. To affect a service, all of the following must be true:\n- The go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc package must be in use\n- Configured a metrics pipeline that uses the UnaryServerInterceptor wrapper function\n- No filtering of unknown HTTP methods or user agents at a higher level, such as Content Delivery Network\nDue to the limited attack surface, Red Hat Product Security rates the impact of this flaw as Moderate.\ncluster-network-operator-container in Openshift Container Platform 4 is rated as low and Won't Fix as the stats are behind an RBAC proxy and isn't available to unauthenticated users.", "threat_severity": "Moderate", "upstream_fix": "opentelemetry-go-contrib 0.46.0"}