{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-3727", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-12T17:56:37.261Z", "datePublished": "2024-05-09T14:57:21.327Z", "dateUpdated": "2024-11-13T20:51:37.836Z"}, "containers": {"cna": {"title": "Containers/image: digest type does not guarantee valid type", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "5.29.3", "versionType": "semver"}, {"status": "affected", "version": "5.30.0", "lessThan": "5.30.1", "versionType": "semver"}], "packageName": "image", "collectionURL": "https://github.com/containers/image", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-collector-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.4.5-3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.4.5-3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-collector-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.5.2-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8", "defaultStatus": "affected", "versions": [{"version": "8100020240808093819.afee755d", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "buildah", "defaultStatus": "affected", "versions": [{"version": "2:1.37.2-1.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "versions": [{"version": "2:1.16.1-1.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "2:5.2.2-1.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Migration Toolkit for Containers 1.8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhmtc/openshift-migration-controller-rhel8", "defaultStatus": "affected", "versions": [{"version": "v1.8.4-22", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhmt:1.8::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "3:4.4.1-14.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_ironic:4.13::el9", "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "versions": [{"version": "2:1.11.3-3.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_ironic:4.13::el9", "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-operator-lifecycle-manager", "defaultStatus": "affected", "versions": [{"version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "3:4.4.1-19.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_ironic:4.14::el9", "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "versions": [{"version": "2:1.11.3-3.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_ironic:4.14::el9", "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "3:4.4.1-30.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "versions": [{"version": "2:1.11.3-4.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-agent-installer-node-agent-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "4:4.9.4-5.1.rhaos4.16.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift_ironic:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "versions": [{"version": "2:1.14.4-1.rhaos4.16.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift_ironic:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "affected", "versions": [{"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-machine-config-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-agent-installer-node-agent-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-machine-config-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-olm-operator-controller-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-operator-registry-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}, {"vendor": "Red Hat", "product": "RHEL-9-CNV-4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "container-native-virtualization/virt-cdi-controller-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.5-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:container_native_virtualization:4.15::el9"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/agent-service-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-installer-agent-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-installer-reporter-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-installer-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/hive-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "OpenShift API for Data Protection", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "oadp/oadp-velero-plugin-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_api_data_protection:1"]}, {"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}, {"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ocp-tools-4/jenkins-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/client-kn-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-clients", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Source-to-Image (S2I)", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "source-to-image-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:source_to_image:1"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/submariner-rhel8-operator", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 1.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:ansible_automation_platform"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:ansible_automation_platform:2"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "buildah", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/buildah", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/conmon", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/skopeo", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "osbuild-composer", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "conmon", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "osbuild-composer", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "atomic-openshift", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:3.11"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:3.11"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "buildah", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "conmon", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/oc-mirror-plugin-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-baremetal-installer-rhel7", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-cli", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-cli-artifacts", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-deployer", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-docker-builder", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer-altinfra-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer-artifacts", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-olm-rukpak-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-apiserver-rhel7", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-controller-manager-rhel7", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-tools-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ose-installer-terraform-providers-container", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhai-tech-preview/assisted-installer-agent-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:assisted_installer:"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:assisted_installer:"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhai-tech-preview/assisted-installer-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:assisted_installer:"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Dev Spaces", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "devspaces/udi-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_devspaces:3::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift sandboxed containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_sandboxed_containers:1"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift sandboxed containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_sandboxed_containers:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-apiserver", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-cloner", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-controller", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-importer", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-importer-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-operator-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadproxy", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadserver", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "osp-director-provisioner-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "quay/quay-builder-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quay:3"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0045", "name": "RHSA-2024:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3718", "name": "RHSA-2024:3718", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4159", "name": "RHSA-2024:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4613", "name": "RHSA-2024:4613", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4850", "name": "RHSA-2024:4850", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4960", "name": "RHSA-2024:4960", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5258", "name": "RHSA-2024:5258", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5951", "name": "RHSA-2024:5951", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6054", "name": "RHSA-2024:6054", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6708", "name": "RHSA-2024:6708", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6824", "name": "RHSA-2024:6824", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7164", "name": "RHSA-2024:7164", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7174", "name": "RHSA-2024:7174", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7182", "name": "RHSA-2024:7182", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7187", "name": "RHSA-2024:7187", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7922", "name": "RHSA-2024:7922", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7941", "name": "RHSA-2024:7941", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8260", "name": "RHSA-2024:8260", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8425", "name": "RHSA-2024:8425", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9097", "name": "RHSA-2024:9097", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9098", "name": "RHSA-2024:9098", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9102", "name": "RHSA-2024:9102", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3727", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "name": "RHBZ#2274767", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-05-09T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value", "timeline": [{"lang": "en", "time": "2024-04-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-09T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-13T20:51:37.836Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3727", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T17:59:41.318223Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:13.046Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.029Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0045", "name": "RHSA-2024:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4159", "name": "RHSA-2024:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4613", "name": "RHSA-2024:4613", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3727", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "name": "RHBZ#2274767", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0045", "name": "RHSA-2024:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4159", "name": "RHSA-2024:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4613", "name": "RHSA-2024:4613", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3727", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "name": "RHBZ#2274767", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.029Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3727", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T17:59:41.318223Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T18:00:15.184Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Containers/image: digest type does not guarantee valid type", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "5.29.3", "versionType": "semver"}, {"status": "affected", "version": "5.30.0", "lessThan": "5.30.1", "versionType": "semver"}], "packageName": "image", "collectionURL": "https://github.com/containers/image", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-collector-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-3", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-3", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-3", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.4::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.4", "versions": [{"status": "unaffected", "version": "4.4.5-3", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-collector-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-collector-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.5::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.5", "versions": [{"status": "unaffected", "version": "4.5.2-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8100020240808093819.afee755d", "lessThan": "*", "versionType": "rpm"}], "packageName": "container-tools:rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "2:1.37.2-1.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "buildah", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "2:1.16.1-1.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "2:5.2.2-1.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhmt:1.8::el8"], "vendor": "Red Hat", "product": "Red Hat Migration Toolkit for Containers 1.8", "versions": [{"status": "unaffected", "version": "v1.8.4-22", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhmtc/openshift-migration-controller-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ironic:4.13::el9", "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "versions": [{"status": "unaffected", "version": "3:4.4.1-14.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ironic:4.13::el9", "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "versions": [{"status": "unaffected", "version": "2:1.11.3-3.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-operator-lifecycle-manager", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ironic:4.14::el9", "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "3:4.4.1-19.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ironic:4.14::el9", "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "2:1.11.3-3.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "3:4.4.1-30.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift_ironic:4.15::el9", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "2:1.11.3-4.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "v4.15.0-202410230304.p0.g366295f.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-agent-installer-node-agent-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift_ironic:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "4:4.9.4-5.1.rhaos4.16.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift_ironic:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "2:1.14.4-1.rhaos4.16.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "cri-o", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-machine-config-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-agent-installer-node-agent-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-machine-config-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-olm-operator-controller-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-operator-lifecycle-manager-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-operator-registry-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-agent-installer-orchestrator-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4.15::el9"], "vendor": "Red Hat", "product": "RHEL-9-CNV-4.15", "versions": [{"status": "unaffected", "version": "v4.15.5-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "container-native-virtualization/virt-cdi-controller-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/agent-service-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/assisted-installer-agent-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/assisted-installer-reporter-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/assisted-installer-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/hive-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift_api_data_protection:1"], "vendor": "Red Hat", "product": "OpenShift API for Data Protection", "packageName": "oadp/oadp-velero-plugin-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ocp_tools"], "vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ocp_tools"], "vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "packageName": "ocp-tools-4/jenkins-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/client-kn-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-clients", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:source_to_image:1"], "vendor": "Red Hat", "product": "OpenShift Source-to-Image (S2I)", "packageName": "source-to-image-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/submariner-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 1.2", "packageName": "openshift-clients", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:2"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "packageName": "openshift-clients", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "buildah", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "container-tools:4.0/buildah", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "container-tools:4.0/conmon", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "container-tools:4.0/containers-common", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "container-tools:4.0/podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "container-tools:4.0/skopeo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "osbuild-composer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "conmon", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "containers-common", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "osbuild-composer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:3.11"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "packageName": "atomic-openshift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openshift:3.11"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "buildah", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "conmon", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "containers-common", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/oc-mirror-plugin-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-baremetal-installer-rhel7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-cli", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-cli-artifacts", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-deployer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-docker-builder", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-installer-altinfra-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-installer-artifacts", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-olm-rukpak-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-openshift-apiserver-rhel7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-openshift-controller-manager-rhel7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-tools-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift-clients", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "ose-installer-terraform-providers-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:assisted_installer:"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "packageName": "rhai-tech-preview/assisted-installer-agent-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:assisted_installer:"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "packageName": "rhai-tech-preview/assisted-installer-reporter-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:assisted_installer:"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "packageName": "rhai-tech-preview/assisted-installer-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Dev Spaces", "packageName": "devspaces/udi-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_sandboxed_containers:1"], "vendor": "Red Hat", "product": "Red Hat Openshift sandboxed containers", "packageName": "openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_sandboxed_containers:1"], "vendor": "Red Hat", "product": "Red Hat Openshift sandboxed containers", "packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-apiserver", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-cloner", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-controller", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-importer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-importer-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-operator-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-uploadproxy", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-uploadserver", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "osp-director-provisioner-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quay:3"], "vendor": "Red Hat", "product": "Red Hat Quay 3", "packageName": "quay/quay-builder-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-04-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-09T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-05-09T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0045", "name": "RHSA-2024:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3718", "name": "RHSA-2024:3718", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4159", "name": "RHSA-2024:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4613", "name": "RHSA-2024:4613", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4850", "name": "RHSA-2024:4850", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4960", "name": "RHSA-2024:4960", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5258", "name": "RHSA-2024:5258", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5951", "name": "RHSA-2024:5951", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6054", "name": "RHSA-2024:6054", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6708", "name": "RHSA-2024:6708", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6824", "name": "RHSA-2024:6824", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7164", "name": "RHSA-2024:7164", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7174", "name": "RHSA-2024:7174", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7182", "name": "RHSA-2024:7182", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7187", "name": "RHSA-2024:7187", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7922", "name": "RHSA-2024:7922", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7941", "name": "RHSA-2024:7941", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8260", "name": "RHSA-2024:8260", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8425", "name": "RHSA-2024:8425", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9097", "name": "RHSA-2024:9097", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9098", "name": "RHSA-2024:9098", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9102", "name": "RHSA-2024:9102", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3727", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "name": "RHBZ#2274767", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-13T20:51:37.836Z"}, "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value"}}, "cveMetadata": {"cveId": "CVE-2024-3727", "state": "PUBLISHED", "dateUpdated": "2024-11-13T20:51:37.836Z", "dateReserved": "2024-04-12T17:56:37.261Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-05-09T14:57:21.327Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la librer\u00eda github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario v\u00edctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques."}], "id": "CVE-2024-3727", "lastModified": "2024-11-12T15:15:09.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-05-14T15:42:07.060", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0045"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3718"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4159"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4613"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4850"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4960"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5258"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5951"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:6054"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:6708"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:6824"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7164"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7174"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7182"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7187"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7922"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7941"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:8260"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:8425"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9097"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9098"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9102"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3727"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.4.5-4", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.5.2-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6708", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.5.2-2", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:5258", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8100020240808093819.afee755d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:9097", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "buildah-2:1.37.2-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9098", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "skopeo-2:1.16.1-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9102", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "podman-2:5.2.2-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:7164", "cpe": "cpe:/a:redhat:rhmt:1.8::el8", "package": "rhmtc/openshift-migration-controller-rhel8:v1.8.4-22", "product_name": "Red Hat Migration Toolkit for Containers 1.8", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7941", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "podman-3:4.4.1-13.rhaos4.13.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:7941", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "skopeo-2:1.11.3-3.rhaos4.13.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:4960", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:7187", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "podman-3:4.4.1-19.rhaos4.14.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:7187", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "skopeo-2:1.11.3-3.rhaos4.14.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:7182", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "podman-3:4.4.1-30.rhaos4.15.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7182", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "skopeo-2:1.11.3-4.rhaos4.15.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:8425", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-agent-installer-node-agent-rhel9:v4.15.0-202410230304.p0.g366295f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-10-31T00:00:00Z"}, {"advisory": "RHSA-2024:8425", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-agent-installer-orchestrator-rhel8:v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-10-31T00:00:00Z"}, {"advisory": "RHSA-2024:4850", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:0045", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "podman-4:4.9.4-5.1.rhaos4.16.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:0045", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "skopeo-2:1.14.4-1.rhaos4.16.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}, {"advisory": "RHSA-2024:4159", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "cri-o-0:1.29.5-7.rhaos4.16.git7db4ada.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-03T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:6824", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-machine-config-rhel9-operator:v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7174", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-orchestrator-rhel9:v4.16.0-202409231504.p0.g342902b.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:8260", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel9:v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-10-24T00:00:00Z"}, {"advisory": "RHSA-2024:3718", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-machine-config-rhel9-operator:v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:3718", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-olm-operator-controller-rhel9:v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:3718", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:3718", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-operator-registry-rhel9:v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:7922", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-agent-installer-orchestrator-rhel9:v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:5951", "cpe": "cpe:/a:redhat:container_native_virtualization:4.15::el9", "package": "container-native-virtualization/virt-cdi-controller-rhel9:v4.15.5-7", "product_name": "RHEL-9-CNV-4.15", "release_date": "2024-08-28T00:00:00Z"}], "bugzilla": {"description": "containers/image: digest type does not guarantee valid type", "id": "2274767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-354", "details": ["A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."], "name": "CVE-2024-3727", "package_state": [{"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/agent-service-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/assisted-installer-agent-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/assisted-installer-reporter-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/assisted-installer-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/hive-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Affected", "package_name": "oadp/oadp-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "ocp-tools-4/jenkins-agent-base-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:source_to_image:1", "fix_state": "Affected", "package_name": "source-to-image-container", "product_name": "OpenShift Source-to-Image (S2I)"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/containers-common", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "containers-common", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "containers-common", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-csr-approver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-baremetal-installer-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cli-artifacts", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-deployer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-docker-builder", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-installer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-installer-altinfra-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-installer-artifacts", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-olm-rukpak-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-openshift-apiserver-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-openshift-controller-manager-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-proxy-pull-test-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-tools-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "ose-installer-terraform-providers-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-reporter-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-apiserver", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-apiserver-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-cloner", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-cloner-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-controller", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-importer", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/virt-cdi-importer-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-uploadproxy", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-uploadproxy-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-uploadserver", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/virt-cdi-uploadserver-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2024-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3727\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3727"], "statement": "Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.", "threat_severity": "Moderate"}