8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.2%
OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.8.2 images:
kubevirt-vmware-container-v4.8.2-1
node-maintenance-operator-container-v4.8.2-1
bridge-marker-container-v4.8.2-1
kubemacpool-container-v4.8.2-1
virtio-win-container-v4.8.2-1
kubevirt-v2v-conversion-container-v4.8.2-1
hostpath-provisioner-container-v4.8.2-1
kubernetes-nmstate-handler-container-v4.8.2-1
cluster-network-addons-operator-container-v4.8.2-1
cnv-containernetworking-plugins-container-v4.8.2-1
hyperconverged-cluster-operator-container-v4.8.2-2
hostpath-provisioner-operator-container-v4.8.2-1
ovs-cni-marker-container-v4.8.2-1
hyperconverged-cluster-webhook-container-v4.8.2-2
ovs-cni-plugin-container-v4.8.2-1
kubevirt-template-validator-container-v4.8.2-2
kubevirt-ssp-operator-container-v4.8.2-2
cnv-must-gather-container-v4.8.2-3
vm-import-virtv2v-container-v4.8.2-4
vm-import-operator-container-v4.8.2-4
vm-import-controller-container-v4.8.2-4
virt-cdi-cloner-container-v4.8.2-2
virt-cdi-controller-container-v4.8.2-2
virt-cdi-operator-container-v4.8.2-2
virt-cdi-uploadproxy-container-v4.8.2-2
virt-cdi-uploadserver-container-v4.8.2-2
virt-cdi-apiserver-container-v4.8.2-2
virt-cdi-importer-container-v4.8.2-2
virt-launcher-container-v4.8.2-5
virt-api-container-v4.8.2-5
virt-handler-container-v4.8.2-5
virt-controller-container-v4.8.2-5
virt-operator-container-v4.8.2-5
hco-bundle-registry-container-v4.8.2-17
Security Fix(es):
golang: net: lookup functions may return invalid host names
(CVE-2021-33195)
golang: net/http/httputil: ReverseProxy forwards connection headers if
first one is empty (CVE-2021-33197)
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error
if passed inputs with very large exponents (CVE-2021-33198)
golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.2%