{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6104", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2024-06-17T22:19:58.680Z", "datePublished": "2024-06-24T17:06:21.150Z", "dateUpdated": "2024-08-01T21:33:04.395Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Shared library", "repo": "https://github.com/hashicorp/go-retryablehttp", "vendor": "HashiCorp", "versions": [{"lessThan": "0.7.7", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.</p><br/>"}], "value": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7."}], "impacts": [{"capecId": "CAPEC-118", "descriptions": [{"lang": "en", "value": "CAPEC-118: Collect and Analyze Information"}]}], "metrics": [{"cvssV3_1": {"baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2024-06-24T17:06:21.150Z"}, "references": [{"url": "https://discuss.hashicorp.com/c/security"}], "source": {"advisory": "HCSEC-2024-12", "discovery": "EXTERNAL"}, "title": "go-retryablehttp can leak basic auth credentials to log files"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T19:19:22.878144Z", "id": "CVE-2024-6104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T19:19:28.773Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.395Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/c/security", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/c/security", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.395Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-24T19:19:22.878144Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T19:19:26.219Z"}}], "cna": {"title": "go-retryablehttp can leak basic auth credentials to log files", "source": {"advisory": "HCSEC-2024-12", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-118", "descriptions": [{"lang": "en", "value": "CAPEC-118: Collect and Analyze Information"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/go-retryablehttp", "vendor": "HashiCorp", "product": "Shared library", "versions": [{"status": "affected", "version": "0", "lessThan": "0.7.7", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/c/security"}], "descriptions": [{"lang": "en", "value": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.", "supportingMedia": [{"type": "text/html", "value": "<p>go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2024-06-24T17:06:21.150Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6104", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:33:04.395Z", "dateReserved": "2024-06-17T22:19:58.680Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2024-06-24T17:06:21.150Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:retryablehttp:*:*:*:*:*:go:*:*", "matchCriteriaId": "0FCBD41E-84B7-4720-A6EA-9A617EEC3F30", "versionEndExcluding": "0.7.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7."}, {"lang": "es", "value": "go-retryablehttp anterior a 0.7.7 no sanitizaba las URL al escribirlas en su archivo de registro. Esto podr\u00eda llevar a que go-retryablehttp escriba credenciales de autenticaci\u00f3n b\u00e1sicas HTTP confidenciales en su archivo de registro. Esta vulnerabilidad, CVE-2024-6104, se solucion\u00f3 en go-retryablehttp 0.7.7."}], "id": "CVE-2024-6104", "lastModified": "2024-06-26T17:19:40.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2024-06-24T17:15:11.087", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/c/security"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/cluster-observability-operator-bundle:0.4.1-18", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/cluster-observability-rhel8-operator:v0.4.1-4", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-admission-webhook-rhel8:v0.77.1-1", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-console-dashboards-plugin-rhel8:v0.2.0-15", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-console-distributed-tracing-plugin-rhel8:v0.1.0-16", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-console-logging-plugin-rhel8:v6.0.0-20", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-console-troubleshooting-panel-plugin-rhel8:v0.1.0-19", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-korrel8r-rhel8:v0.6.3-15", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-prometheus-alertmanager-rhel8:v0.27.0-4", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-prometheus-config-reloader-rhel8:v0.77.1-1", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-prometheus-rhel8:v2.54.1-1", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-prometheus-rhel8-operator:v0.77.1-1", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:8040", "cpe": "cpe:/a:redhat:cluster_observability_operator:0.4::el8", "package": "cluster-observability-operator/coo-thanos-rhel8:v0.36.1-1", "product_name": "CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8", "release_date": "2024-10-14T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hive-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.4.5-4", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.5-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6054", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.4.5-3", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:5258", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8100020240808093819.afee755d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5194", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "container-tools:rhel8-8080020240724065004.0f77c1b7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-12T00:00:00Z"}, {"advisory": "RHSA-2024:6194", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "podman-4:4.9.4-10.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:9098", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "skopeo-2:1.16.1-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9115", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:10.2.6-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:5634", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "podman-2:4.4.1-20.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:5199", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-sriov-network-webhook:v4.12.0-202408091241.p0.g83b800f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5200", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-cloud-credential-operator:v4.12.0-202408072203.p0.g6de9c4e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5200", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-cluster-image-registry-operator:v4.12.0-202408071159.p0.g77fd1a9.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5200", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.12.0-202408071159.p0.gf2b726d.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5200", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.12.0-202408071159.p0.g921509f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5808", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.12.0-202408220304.p0.ga1b2a37.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6642", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-installer:v4.12.0-202409040731.p0.g798aeaa.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:4846", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cloud-credential-operator:v4.13.0-202407192107.p0.g73ecd48.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:4846", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-image-registry-operator:v4.13.0-202407221409.p0.g19ee668.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:4846", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.13.0-202407182339.p0.g4c23f81.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:4846", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.13.0-202407182137.p0.g54aaeff.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:4846", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.13.0-202407221109.p0.gb819827.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:5444", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.13.0-202408131940.p0.g3f757a8.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:5444", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel8:v4.13.0-202408131940.p0.g16fa555.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:5446", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "podman-3:4.4.1-13.rhaos4.13.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:6009", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer:v4.13.0-202408280339.p0.g1b2041c.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6811", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-hypershift-rhel8:v4.13.0-202409142105.p0.g6daddee.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2024:4479", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cluster-image-registry-operator:v4.14.0-202407041041.p0.g5e20c16.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4960", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-cloud-credential-operator:v4.14.0-202407301840.p0.g7a5d12e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:4960", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.14.0-202407120310.p0.g620220e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:4960", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.14.0-202407161139.p0.gea2bc15.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:4960", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.14.0-202407191039.p0.gda6823b.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:4963", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "podman-3:4.4.1-16.4.rhaos4.14.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5433", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.14.0-202408081241.p0.g8c2203f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:5433", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202408081513.p0.g988f710.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-08-22T00:00:00Z"}, {"advisory": "RHSA-2024:6406", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-installer:v4.14.0-202409031910.p0.ga8c1414.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:7184", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-hypershift-rhel8:v4.14.0-202409250538.p0.gd8f8831.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:4699", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-cloud-credential-operator:v4.15.0-202407181606.p0.gf8455ca.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4699", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.15.0-202407111437.p0.gdf0f1f6.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4699", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9:v4.15.0-202407151106.p0.g81877ac.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4699", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-ibm-vpc-node-label-updater-rhel9:v4.15.0-202407160936.p0.g5d72ced.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4853", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "podman-3:4.4.1-26.2.rhaos4.15.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:5160", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-installer:v4.15.0-202408060439.p0.g950491f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5160", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-powervs-block-csi-driver-rhel9:v4.15.0-202408060439.p0.g38bee56.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:4321", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-azure-cluster-api-controllers-rhel9:v4.15.0-202407020237.p0.g44832d2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4321", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-cluster-image-registry-rhel9-operator:v4.15.0-202407031137.p0.g8740a71.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:6409", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-hypershift-rhel9:v4.15.0-202409041437.p0.gf2684bc.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:4858", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "podman-4:4.9.4-8.rhaos4.16.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:4316", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-azure-cluster-api-controllers-rhel9:v4.16.0-202407030803.p0.ga81e3b3.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4316", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-image-registry-rhel9-operator:v4.16.0-202407030803.p0.g335c914.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4469", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9:v4.16.0-202407031636.p0.g32b4c00.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-16T00:00:00Z"}, {"advisory": "RHSA-2024:4469", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator:v4.16.0-202407031636.p0.g34fc9a4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-16T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cloud-credential-rhel9-operator:v4.16.0-202407142206.p0.gfffc75d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-rhel9:v4.16.0-202407161505.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4965", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-powervs-cloud-controller-manager-rhel9:v4.16.0-202407300708.p0.g20e6dc7.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-08-06T00:00:00Z"}, {"advisory": "RHSA-2024:4965", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-prometheus-rhel9:v4.16.0-202407261437.p0.gbc04420.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-08-06T00:00:00Z"}, {"advisory": "RHSA-2024:5107", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-powervs-block-csi-driver-rhel9:v4.16.0-202408010610.p0.g26162ba.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:6004", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-hypershift-rhel9:v4.16.0-202408281556.p0.g469fb1e.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:3722", "cpe": "cpe:/a:redhat:openshift:4.17::el8", "package": "podman-4:5.2.0-3.rhaos4.17.el8", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:3722", "cpe": "cpe:/a:redhat:openshift:4.17::el8", "package": "skopeo-2:1.16.0-2.rhaos4.17.el8", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/argo-rollouts-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/console-plugin-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/dex-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8", "package": "openshift-gitops-1/must-gather-rhel8:v1.12.6-2", "product_name": "Red Hat OpenShift GitOps 1.12", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8677", "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el9", "package": "openshift-gitops-argocd-rhel9-container-v1.12.6-1", "product_name": "Red Hat OpenShift GitOps 1.12 - RHEL 9", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:7744", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.13::el9", "package": "odf4/cephcsi-rhel9:v4.13.12-2", "product_name": "RHODF-4.13-RHEL-9", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7624", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/cephcsi-rhel9:v4.14.11-2", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:5547", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/mcg-rhel9-operator:v4.16.1-3", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5547", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-cli-rhel9:v4.16.1-3", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5547", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-multicluster-rhel9-operator:v4.16.1-1", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:6755", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/cephcsi-rhel9:v4.16.2-2", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6755", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-cli-rhel9:v4.16.2-2", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6755", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.16.2-3", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/cluster-logging-operator-bundle:v5.6.24-7", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/cluster-logging-rhel8-operator:v5.6.24-2", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-440", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-operator-bundle:v5.6.24-9", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-515", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.6.24-2", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/eventrouter-rhel8:v0.4.0-300", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-228", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/kibana6-rhel8:v6.8.1-460", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-281", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-curator5-rhel8:v5.8.1-523", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-loki-rhel8:v3.1.1-11", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.6.24-3", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/loki-operator-bundle:v5.6.24-18", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/loki-rhel8-operator:v5.6.24-7", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/lokistack-gateway-rhel8:v0.1.0-652", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/opa-openshift-rhel8:v0.1.0-287", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7323", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/vector-rhel8:v0.21.0-138", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.8.13-15", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.8.13-7", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch6-rhel9:v6.8.1-438", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-operator-bundle:v5.8.13-13", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-513", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-rhel9-operator:v5.8.13-5", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-296", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/fluentd-rhel9:v5.8.13-3", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-277", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-curator5-rhel9:v5.8.1-521", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-loki-rhel9:v3.1.1-7", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.8.13-4", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-operator-bundle:v5.8.13-17", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-rhel9-operator:v5.8.13-6", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-649", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-284", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7237", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/vector-rhel9:v0.28.1-76", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.9.7-11", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.9.7-6", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-301", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/fluentd-rhel9:v5.9.7-3", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-282", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-loki-rhel9:v3.1.1-10", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.9.7-5", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-operator-bundle:v5.9.7-16", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-rhel9-operator:v5.9.7-7", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-653", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-288", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/vector-rhel9:v0.34.1-19", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:8314", "cpe": "cpe:/a:redhat:logging:6.0::el9", "package": "openshift-logging/logging-loki-rhel9:v3.2.0-12", "product_name": "RHOL-6.0-RHEL-9", "release_date": "2024-10-23T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}], "bugzilla": {"description": "go-retryablehttp: url might write sensitive information to log file", "id": "2294000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-532", "details": ["go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.", "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-6104", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/cluster-api-provider-azure-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/hypershift-cli-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Will not fix", "package_name": "oadp/oadp-kubevirt-velero-plugin-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-ml-pipelines-cache-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "odh-ml-pipelines-driver-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-cluster-ingress-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-contour-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibmcloud-cluster-api-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibm-cloud-controller-manager-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-ibmcloud-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-powervs-machine-controllers-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "mcg", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "mcg", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/opentelemetry-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}], "public_date": "2024-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-6104\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6104"], "threat_severity": "Moderate", "upstream_fix": "go-retryablehttp 0.7.7"}