{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49568", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2023-11-27T14:21:51.157Z", "datePublished": "2024-01-12T10:36:12.727Z", "dateUpdated": "2024-08-02T22:01:25.669Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "go-git", "vendor": "go-git", "versions": [{"status": "affected", "version": "5.11.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ionu\u021b Lalu"}], "datePublic": "2024-01-12T10:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A denial of service (DoS) vulnerability was discovered in go-git versions prior to <code>v5.11</code>. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in <code>go-git</code>&nbsp;clients.</p><p>Applications using only the in-memory filesystem supported by <code>go-git</code>&nbsp;are not affected by this vulnerability.<br>This is a <code>go-git</code>&nbsp;implementation issue and does not affect the upstream <code>git</code>&nbsp;cli.</p><br>"}], "value": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\n\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2024-01-12T10:36:12.727Z"}, "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An upgrade to v. 5.11 fixes this issue<br>"}], "value": "An upgrade to v. 5.11 fixes this issue\n"}], "source": {"advisory": "GHSA-mw99-9chc-xw7r", "discovery": "EXTERNAL"}, "title": "Maliciously crafted Git server replies can cause DoS on go-git clients", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.669Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*", "matchCriteriaId": "61C9245F-61A4-4756-83B1-13CE56E28FF0", "versionEndExcluding": "5.11.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\n\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en versiones de go-git anteriores a la v5.11. Esta vulnerabilidad permite a un atacante realizar ataques de denegaci\u00f3n de servicio proporcionando respuestas especialmente manipuladas desde un servidor Git que provoca el agotamiento de los recursos en los clientes go-git. Las aplicaciones que utilizan \u00fanicamente el sistema de archivos en memoria compatible con go-git no se ven afectadas por esta vulnerabilidad. Este es un problema de implementaci\u00f3n de go-git y no afecta el cli de git ascendente."}], "id": "CVE-2023-49568", "lastModified": "2024-01-22T17:57:41.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2024-01-12T11:15:12.680", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0989", "cpe": "cpe:/a:redhat:multicluster_globalhub:1.0::el8", "package": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4", "product_name": "multicluster-globalhub 1.0 for RHEL 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-operator-bundle:v1.0.1-11", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:0880", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.10.0-6.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2024-02-20T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-governance-policy-addon-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-governance-policy-framework-addon-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-grafana-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-must-gather-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-operator-bundle:v2.7.11-14", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-prometheus-config-reloader-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-prometheus-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-indexer-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-v2-api-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-v2-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-volsync-addon-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/cert-policy-controller-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/cluster-backup-rhel8-operator:v2.7.11-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/config-policy-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/console-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/endpoint-monitoring-rhel8-operator:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/governance-policy-propagator-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/grafana-dashboard-loader-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/iam-policy-controller-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/insights-client-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/insights-metrics-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/klusterlet-addon-controller-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/kube-rbac-proxy-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/kube-state-metrics-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/memcached-exporter-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/memcached-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/metrics-collector-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicloud-integrations-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multiclusterhub-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-observability-rhel8-operator:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-application-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-channel-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/node-exporter-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/observatorium-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/observatorium-rhel8-operator:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/prometheus-alertmanager-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/prometheus-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/rbac-query-proxy-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/search-collector-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/submariner-addon-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/thanos-receive-controller-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/thanos-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0820", "cpe": "cpe:/a:redhat:acm:2.8::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.8.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0298", "cpe": "cpe:/a:redhat:acm:2.9::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.4.0-9", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.4.0-17", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.4.0-9", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.4.0-9", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.0-11", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.0-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.4.0-11", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.0-11", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:3925", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el8", "package": "ceph-2:18.2.1-194.el8cp", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-14T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:1052", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1896", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-04-25T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0741", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0845", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0845", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:2047", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-02T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0735", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1891", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-04-26T00:00:00Z"}, {"advisory": "RHSA-2024:4010", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-tools-rhel8:v4.14.0-202406180839.p0.gaa6e2f2.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:3889", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-tools-rhel8:v4.15.0-202406101406.p0.g44edfb5.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-06-18T00:00:00Z"}, {"advisory": "RHSA-2024:1887", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/oc-mirror-plugin-rhel9:v4.15.0-202404161612.p0.g85c8f6f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-04-25T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/console-plugin-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/dex-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/must-gather-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/argocd-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/argo-rollouts-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/console-plugin-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/dex-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/gitops-operator-bundle:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/gitops-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/must-gather-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.31.1-1", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}], "bugzilla": {"description": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients", "id": "2258165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.", "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients."], "mitigation": {"lang": "en:us", "value": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers."}, "name": "CVE-2023-49568", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "hub-of-hubs-gitops", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-engine", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "multicluster-engine-assisted-installer-reporter", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "multicluster-engine-assisted-service", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-globalhub-grafana", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/cluster-curator-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/clusterlifecycle-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-subscription-release-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/openshift-hive-rhel7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli-artifacts", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli-artifacts-alt-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-deployer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-csi-addons-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-api-server-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-artifact-manager-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-persistenceagent-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-viewercontroller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Will not fix", "package_name": "devspaces/devspaces-rhel8-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/cluster-network-addons-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2023-12-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49568\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49568\nhttps://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"], "statement": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.", "threat_severity": "Important", "upstream_fix": "go-git 5.11"}