{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-28180", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-06T17:35:00.857Z", "datePublished": "2024-03-09T00:54:46.382Z", "dateUpdated": "2024-08-28T17:51:52.720Z"}, "containers": {"cna": {"title": "Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)", "problemTypes": [{"descriptions": [{"cweId": "CWE-409", "lang": "en", "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"}, {"name": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298", "tags": ["x_refsource_MISC"], "url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298"}, {"name": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a", "tags": ["x_refsource_MISC"], "url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a"}, {"name": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502", "tags": ["x_refsource_MISC"], "url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"}], "affected": [{"vendor": "go-jose", "product": "go-jose", "versions": [{"version": "< 4.0.1", "status": "affected"}, {"version": "< 3.0.3", "status": "affected"}, {"version": "< 2.6.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-09T00:54:46.382Z"}, "descriptions": [{"lang": "en", "value": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\n"}], "source": {"advisory": "GHSA-c5q2-7r4c-mv6g", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.442Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"}, {"name": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298"}, {"name": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a"}, {"name": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "go-jose_project", "product": "go-jose", "cpes": ["cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.0.1", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "3.0.3", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "2.6.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-11T15:08:38.886435Z", "id": "CVE-2024-28180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T17:51:52.720Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298", "name": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a", "name": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502", "name": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.442Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-11T15:08:38.886435Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*"], "vendor": "go-jose_project", "product": "go-jose", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.1", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "3.0.3", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "2.6.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T17:51:46.349Z"}}], "cna": {"title": "Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)", "source": {"advisory": "GHSA-c5q2-7r4c-mv6g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "go-jose", "product": "go-jose", "versions": [{"status": "affected", "version": "< 4.0.1"}, {"status": "affected", "version": "< 3.0.3"}, {"status": "affected", "version": "< 2.6.3"}]}], "references": [{"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298", "name": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a", "name": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502", "name": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"}], "descriptions": [{"lang": "en", "value": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-409", "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-09T00:54:46.382Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28180", "state": "PUBLISHED", "dateUpdated": "2024-08-28T17:51:52.720Z", "dateReserved": "2024-03-06T17:35:00.857Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-09T00:54:46.382Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\n"}, {"lang": "es", "value": "El paquete jose tiene como objetivo proporcionar una implementaci\u00f3n del conjunto de est\u00e1ndares de cifrado y firma de objetos Javascript. Un atacante podr\u00eda enviar un JWE que contenga datos comprimidos que utilicen grandes cantidades de memoria y CPU cuando los descomprima Decrypt o DecryptMulti. Esas funciones ahora devuelven un error si los datos descomprimidos superan los 250 kB o 10 veces el tama\u00f1o comprimido (lo que sea mayor). Esta vulnerabilidad ha sido parcheada en las versiones 4.0.1, 3.0.3 y 2.6.3."}], "id": "CVE-2024-28180", "lastModified": "2024-06-12T02:15:09.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-09T01:15:07.340", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298"}, {"source": "security-advisories@github.com", "url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a"}, {"source": "security-advisories@github.com", "url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502"}, {"source": "security-advisories@github.com", "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-409"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1859", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-velero-plugin-rhel9:1.3.1-16", "product_name": "OADP-1.3-RHEL-9", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1812", "cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator:2.12.1-376", "product_name": "OpenShift Custom Metrics Autoscaler 2", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.4.0-17", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:3254", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8100020240419145834.afee755d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3968", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8100020240610105040.afee755d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-18T00:00:00Z"}, {"advisory": "RHSA-2024:2549", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "skopeo-2:1.14.3-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:3826", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "podman-4:4.9.4-4.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:3827", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "buildah-2:1.33.7-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:2639", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.7.15-9", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:1574", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "cri-o-0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-04-03T00:00:00Z"}, {"advisory": "RHSA-2024:2784", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "skopeo-2:1.9.4-4.3.rhaos4.12.el9", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-05-16T00:00:00Z"}, {"advisory": "RHSA-2024:3349", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.12.0-202405141537.p0.g31917a5.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:3349", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-cloud-credential-operator:v4.12.0-202405141537.p0.g54058b5.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:3351", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "cri-o-0:1.25.5-19.2.rhaos4.12.gitba93e0a.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:3351", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "podman-3:4.4.1-4.2.rhaos4.12.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:4006", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-registry:v4.12.0-202406180807.p0.gea15615.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:4006", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "redhat/redhat-operator-index:v4.12.0-202406180807.p0.gea15615.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:1456", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-o-0:1.26.5-10.rhaos4.13.gita08b329.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-03-27T00:00:00Z"}, {"advisory": "RHSA-2024:2049", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "skopeo-2:1.11.3-0.2.rhaos4.13.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-02T00:00:00Z"}, {"advisory": "RHSA-2024:2875", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.13.0-202405141537.p0.gae01a27.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2875", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cloud-credential-operator:v4.13.0-202405151107.p0.g02ab813.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2877", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-o-0:1.26.5-15.2.rhaos4.13.gitb742e63.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2877", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "podman-3:4.4.1-8.3.rhaos4.13.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:4484", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-registry:v4.13.0-202407081338.p0.gd8cfe86.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4484", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "redhat/redhat-operator-index:v4.13.0-202407081338.p0.gd8cfe86.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:1567", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "cri-o-0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-04-03T00:00:00Z"}, {"advisory": "RHSA-2024:2054", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "skopeo-2:1.11.3-0.1.rhaos4.14.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-02T00:00:00Z"}, {"advisory": "RHSA-2024:2672", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "cri-o-0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2672", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "podman-3:4.4.1-13.4.rhaos4.14.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2869", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.14.0-202405141639.p0.g2c864ca.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2869", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-workload-identity-webhook-rhel8:v4.14.0-202405141639.p0.gbcb88d9.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2869", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cloud-credential-operator:v4.14.0-202405141639.p0.g67fe51e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3523", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-registry:v4.14.0-202405222237.p0.g5e8dd92.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:4010", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-telemeter:v4.14.0-202406180839.p0.g7e8f45b.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:1563", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "cri-o-0:1.28.4-8.rhaos4.15.git24f50b9.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:2071", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "skopeo-2:1.11.3-0.1.rhaos4.15.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-02T00:00:00Z"}, {"advisory": "RHSA-2024:2669", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "cri-o-0:1.28.6-2.rhaos4.15.git77bbb1c.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2669", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "podman-3:4.4.1-23.2.rhaos4.15.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:2773", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-azure-workload-identity-webhook-rhel8:v4.15.0-202405080536.p0.g2333b7f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:2773", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-operator-registry-rhel9:v4.15.0-202405070106.p0.g50f148e.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:2776", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift-clients-0:4.15.0-202405021207.p0.g7693229.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-15T00:00:00Z"}, {"advisory": "RHSA-2024:2865", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-aws-pod-identity-webhook-rhel9:v4.15.0-202405092349.p0.g1338503.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-21T00:00:00Z"}, {"advisory": "RHSA-2024:2865", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cloud-credential-operator:v4.15.0-202405141637.p0.gaf5662f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-21T00:00:00Z"}, {"advisory": "RHSA-2024:4041", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-docker-builder:v4.15.0-202406180807.p0.gb98fb65.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4041", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-telemeter-rhel9:v4.15.0-202406132106.p0.g82cd643.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:3327", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-telemeter-rhel9:v4.15.0-202405220335.p0.g4dce8ff.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-aws-pod-identity-webhook-rhel9:v4.16.0-202406131906.p0.g746491a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-workload-identity-webhook-rhel9:v4.16.0-202406131906.p0.g4aca092.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cloud-credential-rhel9-operator:v4.16.0-202406131906.p0.g48b287d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-docker-builder-rhel9:v4.16.0-202406131906.p0.gca2b36a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-registry-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-telemeter-rhel9:v4.16.0-202406131906.p0.g6ab43e4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "redhat/redhat-operator-index:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:6687", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-docker-builder-rhel9:v4.16.0-202409101737.p1.gfee4b58.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-09-19T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/grafana-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/kiali-rhel8:1.65.15-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/pilot-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/grafana-rhel8:2.5.1-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.5.1-8", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.5.1-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-rhel8-operator:2.5.1-7", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.7-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.7-5", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8-operator:1.73.7-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/pilot-rhel8:2.5.1-8", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.5.1-8", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:1946", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.5.1-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-04-22T00:00:00Z"}, {"advisory": "RHSA-2024:4455", "cpe": "cpe:/a:redhat:container_native_virtualization:4.16::el9", "package": "container-native-virtualization/virt-cdi-cloner-rhel9:v4.16.0-169", "product_name": "RHEL-9-CNV-4.16", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4591", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/mcg-rhel9-operator:v4.16.0-38", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4591", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-cli-rhel9:v4.16.0-44", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4591", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-multicluster-rhel9-operator:v4.16.0-19", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4591", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.16.0-66", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:2096", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-520", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.33.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.33.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.33.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8:1.33.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4028", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.12.0-4", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-20T00:00:00Z"}], "bugzilla": {"description": "jose-go: improper handling of highly compressed data", "id": "2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-409", "details": ["Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.", "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-28180", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Affected", "package_name": "mta/mta-hub-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Affected", "package_name": "mta/mta-windup-addon-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-controller-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/agent-service-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/assisted-installer-agent-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/assisted-installer-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/console-mce-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/hypershift-cli-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/kube-rbac-proxy-mce-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/multicluster-engine-console-mce-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Affected", "package_name": "oadp/oadp-kubevirt-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Affected", "package_name": "oadp/oadp-rhel8-operator", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-aws-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-csi-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-plugin-for-gcp-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "jose-go", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/kube-rbac-proxy-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/observatorium-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "jose", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "jose", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "jose", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift-external-storage", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-csr-approver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-node-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-authentication-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-contour-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-hypershift-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-kube-rbac-proxy", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-libvirt-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-network-interface-bond-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-node-feature-discovery", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-oauth-server-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "ose-openshift-controller-manager-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "mcg", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Will not fix", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/volume-replication-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "mcg", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-operator-base-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Not affected", "package_name": "devspaces/code-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Not affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/devspaces-rhel8-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-gateway-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/dex-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-cloner", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rhgs3/rhgs-gluster-block-prov-rhel7", "product_name": "Red Hat Storage 3"}], "public_date": "2024-03-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-28180\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-28180\nhttps://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"], "threat_severity": "Moderate", "upstream_fix": "go-jose 4.0.1, go-jose 3.0.3, go-jose 2.6.3"}