Lucene search

K
vulnrichmentRedhatVULNRICHMENT:CVE-2024-1394
HistoryMar 21, 2024 - 12:16 p.m.

CVE-2024-1394 Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads

2024-03-2112:16:38
CWE-401
redhat
github.com
4
cve-2024-1394
golang
openssl
memory leaks
rsa payloads
resource exhaustion
attacker-controlled inputs

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

23.4%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the “return nil, nil, fail(…)” pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.

CNA Affected

[
  {
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.4.5-1.el8ap",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "receptor",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.4.5-1.el9ap",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "receptor",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:devtools:2023::el7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Developer Tools",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.19.13-6.el7_9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "go-toolset-1.19-golang",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "8090020240313170136.26eb71ac",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "go-toolset:rhel8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:5.1.1-2.el8_9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana-pcp",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:9.2.10-8.el8_9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:9.2.10-16.el8_10",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.20.12-2.el9_3",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "golang",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:9.2.10-8.el9_3",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:5.1.1-2.el9_3",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana-pcp",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.21.9-2.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "golang",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:9.2.10-16.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:5.1.1-2.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "grafana-pcp",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.33.7-3.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "4:4.9.4-5.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "6:0.7.3-4.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "gvisor-tap-vsock",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.14.3-3.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:9.0::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:4.2.0-4.el9_0",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.19.13-7.el9_2",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "golang",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.23.4-5.2.rhaos4.12.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:0.16.0-2.2.rhaos4.12.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "butane",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.4.0-1.1.rhaos4.12.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-o",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.25.0-2.2.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-tools",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:2.14.0-5.2.rhaos4.12.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ignition",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:4.4.1-2.1.rhaos4.12.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:1.1.6-5.2.rhaos4.12.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.9.4-3.2.rhaos4.12.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.29.1-2.2.rhaos4.13.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.4.0-1.1.rhaos4.13.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-o",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.26.0-4.2.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-tools",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:2.15.0-7.1.rhaos4.13.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ignition",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:4.4.1-5.2.rhaos4.13.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "4:1.1.12-1.1.rhaos4.13.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.11.2-2.2.rhaos4.13.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:0.19.0-1.3.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "butane",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.4.0-1.2.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-o",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.27.0-3.1.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-tools",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:2.16.2-2.1.rhaos4.14.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ignition",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ose-aws-ecr-image-credential-provider",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:4.4.1-11.3.rhaos4.14.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.11.2-10.3.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.29.1-10.4.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:0.19.0-1.4.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "butane",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:2.1.7-3.4.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "conmon",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.4.0-1.3.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-o",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.27.0-3.2.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-tools",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:2.16.2-2.2.rhaos4.14.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ignition",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift4-aws-iso",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-ansible",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-kuryr",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ose-aws-ecr-image-credential-provider",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:4.4.1-11.4.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "4:1.1.12-1.2.rhaos4.14.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.11.2-10.4.rhaos4.14.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "microshift",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.29.1-20.3.rhaos4.15.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:0.20.0-1.1.rhaos4.15.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "butane",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "1:1.4.0-1.2.rhaos4.15.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-o",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.28.0-3.1.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "cri-tools",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:2.16.2-2.1.rhaos4.15.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ignition",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "ose-aws-ecr-image-credential-provider",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "3:4.4.1-21.1.rhaos4.15.el8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "4:1.1.12-1.1.rhaos4.15.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el8",
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "2:1.11.2-21.2.rhaos4.15.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "microshift",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.2::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:3.3.23-16.el8ost",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "etcd",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:17.1::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:0.2.1-3.el8ost",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "collectd-sensubility",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:17.1::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:3.4.26-8.el9ost",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "etcd",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:17.1::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:0.2.1-3.el9ost",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "collectd-sensubility",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
    ],
    "vendor": "Red Hat",
    "product": "RHODF-4.16-RHEL-9",
    "versions": [
      {
        "status": "unaffected",
        "version": "v4.16.0-137",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "odf4/mcg-operator-bundle",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
    ],
    "vendor": "Red Hat",
    "product": "RHODF-4.16-RHEL-9",
    "versions": [
      {
        "status": "unaffected",
        "version": "v4.16.0-38",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "odf4/mcg-rhel9-operator",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:network_bound_disk_encryption_tang:1"
    ],
    "vendor": "Red Hat",
    "product": "NBDE Tang Server",
    "packageName": "tang-operator-bundle-container",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:ocp_tools"
    ],
    "vendor": "Red Hat",
    "product": "OpenShift Developer Tools and Services",
    "packageName": "helm",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:ocp_tools"
    ],
    "vendor": "Red Hat",
    "product": "OpenShift Developer Tools and Services",
    "packageName": "odo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_pipelines:1"
    ],
    "vendor": "Red Hat",
    "product": "OpenShift Pipelines",
    "packageName": "openshift-pipelines-client",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:serverless:1"
    ],
    "vendor": "Red Hat",
    "product": "OpenShift Serverless",
    "packageName": "openshift-serverless-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 1.2",
    "packageName": "helm",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 1.2",
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform:2"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2",
    "packageName": "openshift-clients",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:certifications:1::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Certification for Red Hat Enterprise Linux 8",
    "packageName": "redhat-certification-preflight",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:certifications:1::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Certification for Red Hat Enterprise Linux 9",
    "packageName": "redhat-certification-preflight",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "host-metering",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "rhc-worker-script",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/conmon",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:4.0/toolbox",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/buildah",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/conmon",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/podman",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/skopeo",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "container-tools:rhel8/toolbox",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "git-lfs",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "osbuild-composer",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "rhc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "weldr-client",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "butane",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "conmon",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "containernetworking-plugins",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "git-lfs",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "ignition",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "osbuild-composer",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "runc",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "toolbox",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "weldr-client",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "conmon-rs",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "golang-github-prometheus-promu",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "lifecycle-agent-operator-bundle-container",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "openshift4/bare-metal-event-relay-operator-bundle",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "openshift4/numaresources-operator-bundle",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "openshift4/ose-cluster-machine-approver",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "packageName": "rhcos",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_container_storage:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Openshift Container Storage 4",
    "packageName": "mcg",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_devspaces:3::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Dev Spaces",
    "packageName": "devspaces/machineexec-rhel8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_gitops:1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift GitOps",
    "packageName": "openshift-gitops-1/gitops-operator-bundle",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openshift_service_on_aws:1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift on AWS",
    "packageName": "rosa",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:container_native_virtualization:4"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Virtualization 4",
    "packageName": "kubevirt",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "packageName": "etcd",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "packageName": "golang-qpid-apache",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "packageName": "qpid-proton",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "packageName": "golang-github-infrawatch-apputils",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "packageName": "golang-qpid-apache",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "packageName": "qpid-proton",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "packageName": "golang-github-infrawatch-apputils",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "packageName": "golang-qpid-apache",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:openstack:17.1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.1",
    "packageName": "qpid-proton",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Service Interconnect 1",
    "packageName": "qpid-proton",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Service Interconnect 1",
    "packageName": "skupper-cli",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Service Interconnect 1",
    "packageName": "skupper-router",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections",
    "packageName": "rh-git227-git-lfs",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:storage:3"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Storage 3",
    "packageName": "heketi",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  }
]

References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

23.4%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial