9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
An update that fixes one vulnerability is now available.
Description:
This update for cdi-apiserver-container, cdi-cloner-container,
cdi-controller-container, cdi-importer-container, cdi-operator-container,
cdi-uploadproxy-container, cdi-uploadserver-container,
containerized-data-importer fixes the following issues:
Update to version 1.51.0
Security issues fixed in vendored dependencies:
CVE-2022-1996: Fixed CORS bypass (bsc#1200528)
Include additional tools used by cdi-importer: cdi-containerimage-server
cdi-image-size-detection cdi-source-update-poller
Pack only cdi-operator and cdi-cr release manifests
Install tar for cloning filesystem PVCs
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3334=1
SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3334=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.4 | x86_64 | < - openSUSE Leap 15.4 (x86_64): | - openSUSE Leap 15.4 (x86_64):.x86_64.rpm | |
SUSE Linux Enterprise Module for Containers 15 | SP4 | x86_64 | < SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64): | - SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64):.x86_64.rpm |
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N