ID

VAR-202207-0107


CVE

CVE-2022-2097


TITLE

Red Hat Security Advisory 2022-6714-01

Trust: 0.1

sources: PACKETSTORM: 168516

DESCRIPTION

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an malicious user to execute arbitrary commands with the privileges of the script. (CVE-2022-2097). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: RHACS 3.72 enhancement and security update Advisory ID: RHSA-2022:6714-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2022:6714 Issue date: 2022-09-26 CVE Names: CVE-2015-20107 CVE-2022-0391 CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-24675 CVE-2022-24921 CVE-2022-28327 CVE-2022-29154 CVE-2022-29526 CVE-2022-30631 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 ===================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Release of RHACS 3.72 provides these changes: New features * Automatic removal of nonactive clusters from RHACS: RHACS provides the ability to configure your system to automatically remove nonactive clusters from RHACS so that you can monitor active clusters only. * Support for unauthenticated email integration: RHACS now supports unauthenticated SMTP for email integrations. This is insecure and not recommended. * Support for Quay robot accounts: RHACS now supports use of robot accounts in quay.io integrations. You can create robot accounts in Quay that allow you to share credentials for use in multiple repositories. * Ability to view Dockerfile lines in images that introduced components with Common Vulnerabilities and Exposures (CVEs): In the Images view, under Image Findings, you can view individual lines in the Dockerfile that introduced the components that have been identified as containing CVEs. * Network graph improvements: RHACS 3.72 includes some improvements to the Network Graph user interface. Known issue * RHACS shows the wrong severity when two severities exist for a single vulnerability in a single distribution. This issue occurs because RHACS scopes severities by namespace rather than component. There is no workaround. It is anticipated that an upcoming release will include a fix for this issue. (ROX-12527) Bug fixes * Before this update, the steps to configure OpenShift Container Platform OAuth for more than one URI were missing. The documentation has been revised to include instructions for configuring OAuth in OpenShift Container Platform to use more than one URI. For more information, see Creating additional routes for the OpenShift Container Platform OAuth server. (ROX-11296) * Before this update, the autogenerated image integration, such as a Docker registry integration, for a cluster is not deleted when the cluster is removed from Central. This issue is fixed. (ROX-9398) * Before this update, the Image OS policy criteria did not support regular expressions, or regex. However, the documentation indicated that regular expressions were supported. This issue is fixed by adding support for regular expressions for the Image OS policy criteria. (ROX-12301) * Before this update, the syslog integration did not respect a configured TCP proxy. * Before this update, the scanner-db pod failed to start when a resource quota was set for the stackrox namespace, because the init-db container in the pod did not have any resources assigned to it. The init-db container for ScannerDB now specifies resource requests and limits that match the db container. (ROX-12291) Notable technical changes * Scanning support for Red Hat Enterprise Linux 9: RHEL 9 is now generally available (GA). RHACS 3.72 introduces support for analyzing images built with Red Hat Universal Base Image (UBI) 9 and Red Hat Enterprise Linux (RHEL) 9 RPMs for vulnerabilities. * Policy for CVEs with fixable CVSS of 6 or greater disabled by default: Beginning with this release, the Fixable CVSS >= 6 and Privileged policy is no longer enabled by default for new RHACS installations. The configuration of this policy is not changed when upgrading an existing system. A new policy Privileged Containers with Important and Critical Fixable CVEs, which gives an alert for containers running in privileged mode that have important or critical fixable vulnerabilities, has been added. Security Fix(es) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To take advantage of the new features, bug fixes, and enhancements in RHACS 3.72 you are advised to upgrade to RHACS 3.72.0. 4. Bugs fixed (https://bugzilla.redhat.com/): 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. JIRA issues fixed (https://issues.jboss.org/): ROX-12799 - Release RHACS 3.72.0 6. References: https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/updates/classification/#moderate https://docs.openshift.com/acs/3.72/release_notes/372-release-notes.html 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYzH0ItzjgjWX9erEAQg2Yg//fDLYNktH9vd06FrD5L77TeiYnD/Zx+f5 fk12roODKMOpcV6BmnOyPG0a6POCmhHn1Dn6bOT+7Awx0b9A9cXXDk6jytkpDhh7 O0OxzWZVVvSzNe1TL3WN9vwZqSpAYON8euLBEb16E8pmEv7vXKll3wMQIlctp6Nr ey6DLL718z8ghXbtkkcGsBQqElM4jESvGm5xByMymfRFktvy9LSgTi+Zc7FY7gXL AHitJZiSm57D/pwUHvNltLLkxQfVAGuJXaTHYFyeIi6Z2pdDySYAXcr60mVd6eSh 9/7qGwdsQARwmr174s0xMWRcns6UDvwIWifiXl6FUnTZFlia+lC3xIP1o2CXwoFP Fr7LpF0L9h5BapjSRv1w6qkkJIyJhw5v9VmZQoQ3joZqRQi0I6qLOcp92eik63pM i11ppoeDNwjpSST40Ema3j9PflzxXB7PKBUfKWwqNc2dnWDkiEhNaXOAZ7MqgdLo MB3enlKV4deeWOb5OA1Vlv/lAAJM0h5AOgTIBddYs3CDsyoK9fKm1UF/BEhcWMyr kV3AJ0/zzAK6ev4hQmP8Ug4SbdiHNdM3X1vgH54OVJ3Al3E1nAEyYmELNUITrvXV jJI5thbVwK78vOX9yWcmpZm879BnHnUPzGbS0lF5FVJOSZ8E7LvOE7lCM/dg094z 0riGwT9O9Ys= =hArw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #741570, #809980, #832339, #835343, #842489, #856592 ID: 202210-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.1.1q >= 1.1.1q Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q" References ========== [ 1 ] CVE-2020-1968 https://nvd.nist.gov/vuln/detail/CVE-2020-1968 [ 2 ] CVE-2021-3711 https://nvd.nist.gov/vuln/detail/CVE-2021-3711 [ 3 ] CVE-2021-3712 https://nvd.nist.gov/vuln/detail/CVE-2021-3712 [ 4 ] CVE-2021-4160 https://nvd.nist.gov/vuln/detail/CVE-2021-4160 [ 5 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 6 ] CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 [ 7 ] CVE-2022-1473 https://nvd.nist.gov/vuln/detail/CVE-2022-1473 [ 8 ] CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Space precludes documenting all of these changes in this advisory. Bugs fixed (https://bugzilla.redhat.com/): 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2115198 - build ceph containers for RHCS 5.2 release 5. Summary: An update is now available for RHOL-5.5-RHEL-8. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1415 - Allow users to tune fluentd LOG-1539 - Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image ` LOG-1713 - Reduce Permissions granted for prometheus-k8s service account LOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created. LOG-2134 - The infra logs are sent to app-xx indices LOG-2159 - Cluster Logging Pods in CrashLoopBackOff LOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages. LOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL LOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext. LOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not be collected. LOG-2242 - Log file metric exporter is still following /var/log/containers files. LOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed LOG-2264 - Logging link should contain an icon LOG-2274 - [Logging 5.5] EO doesn't recreate secrets kibana and kibana-proxy after removing them. LOG-2276 - Fluent config format is hard to read via configmap LOG-2290 - ClusterLogging Instance status in not getting updated in UI LOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1 LOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint. LOG-2300 - [Logging 5.5]ES pods can't be ready after removing secret/signing-elasticsearch LOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck LOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously LOG-2333 - Journal logs not reaching Elasticsearch output LOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record. LOG-2342 - [Logging 5.5] Kibana pod can't connect to ES cluster after removing secret/signing-elasticsearch: "x509: certificate signed by unknown authority" LOG-2384 - Provide a method to get authenticated from GCP LOG-2411 - [Vector] Audit logs forwarding not working. LOG-2412 - CLO's loki output url is parsed wrongly LOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type LOG-2418 - EO supported time units don't match the units specified in CRDs. LOG-2439 - Telemetry: the managedStatus&healthStatus&version values are wrong LOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift LOG-2444 - The write index is removed when `the size of the index` > `diskThresholdPercent% * total size`. LOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster. LOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack. LOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices LOG-2474 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5] LOG-2522 - CLO supported time units don't match the units specified in CRDs. LOG-2525 - The container's logs are not sent to separate index if the annotation is added after the pod is ready. LOG-2546 - TLS handshake error on loki-gateway for FIPS cluster LOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector. LOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data LOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate LOG-2599 - Supported values for level field don't match documentation LOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert LOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect LOG-2619 - containers violate PodSecurity -- Log Exporation LOG-2627 - containers violate PodSecurity -- Loki LOG-2649 - Level Critical should match the beginning of the line as the other levels LOG-2656 - Logging uses deprecated v1beta1 apis LOG-2664 - Deprecated Feature logs causing too much noise LOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster LOG-2693 - Integration with Jaeger fails for ServiceMonitor LOG-2700 - [Vector] vector container can't start due to "unknown field `pod_annotation_fields`" . LOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance LOG-2725 - Upgrade logging-eventrouter Golang version and tags LOG-2731 - CLO keeps reporting `Reconcile ServiceMonitor retry error` and `Reconcile Service retry error` after creating clusterlogging. LOG-2732 - Prometheus Operator pod throws 'skipping servicemonitor' error on Jaeger integration LOG-2742 - unrecognized outputs when use the sts role secret LOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs LOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards. LOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo LOG-2763 - [Vector]{Master} Vector's healthcheck fails when forwarding logs to Lokistack. LOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image LOG-2765 - ingester pod can not be started in IPv6 cluster LOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy LOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx LOG-2773 - No cluster-logging-operator-metrics service in logging 5.5 LOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack. LOG-2784 - Japanese log messages are garbled at Kibana LOG-2793 - [Vector] OVN audit logs are missing the level field. LOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF LOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF. LOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector. LOG-2875 - Seeing a black rectangle box on the graph in Logs view LOG-2876 - The link to the 'Container details' page on the 'Logs' screen throws error LOG-2877 - When there is no query entered, seeing error message on the Logs view LOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in 'Logs' screen 6. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. RHEL-8-CNV-4.12 ============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89 3. Bugs fixed (https://bugzilla.redhat.com/): 1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates` 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container 5. ========================================================================== Ubuntu Security Notice USN-6457-1 October 30, 2023 nodejs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Node.js. Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment. Details: Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-0778) Elison Niven discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1292) Chancen and Daniel Fiala discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-2068) Alex Chernyakhovsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-2097) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.1 libnode72 12.22.9~dfsg-1ubuntu3.1 nodejs 12.22.9~dfsg-1ubuntu3.1 nodejs-doc 12.22.9~dfsg-1ubuntu3.1 In general, a standard system update will make all the necessary changes. Description: Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security updates: * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * vm2: Sandbox Escape in vm2 (CVE-2022-36067) Bug fix: * MCE 2.0.2 images (BZ# 2104569) 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online 4. Bugs fixed (https://bugzilla.redhat.com/): 2104569 - MCE 2.0.2 Images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. Bug Fix(es): * Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191) * Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177) * Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391) * [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225) * Fedora version in DataImportCrons is not 'latest' (BZ#2102694) * [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407) * CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562) * Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643) * Unable to start windows VMs on PSI setups (BZ#2115371) * [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997) * Mark Windows 11 as TechPreview (BZ#2129013) * 4.11.1 rpms (BZ#2139453) This advisory contains the following OpenShift Virtualization 4.11.1 images. RHEL-8-CNV-4.11 virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49 3

Trust: 1.89

sources: NVD: CVE-2022-2097 // VULMON: CVE-2022-2097 // PACKETSTORM: 168516 // PACKETSTORM: 168714 // PACKETSTORM: 168022 // PACKETSTORM: 168112 // PACKETSTORM: 169435 // PACKETSTORM: 170741 // PACKETSTORM: 175432 // PACKETSTORM: 168347 // PACKETSTORM: 168289 // PACKETSTORM: 170083

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.1

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.1q

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:3.0.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:3.0.5

Trust: 1.0

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

sources: NVD: CVE-2022-2097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-2097
value: MEDIUM

Trust: 1.0

VULMON: CVE-2022-2097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-2097
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2022-2097
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2022-2097 // NVD: CVE-2022-2097

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

sources: NVD: CVE-2022-2097

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 175432

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 175432

PATCH

title:Amazon Linux 2: ALAS2-2023-1974url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1974

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-2097

Trust: 0.1

title:Debian CVElist Bug Report Logs: openssl: CVE-2022-2097url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=740b837c53d462fc86f3cb0849b86ca0

Trust: 0.1

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225818 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: openssl security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226224 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5343-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b6a11b827fe9cfaea9c113b2ad37856f

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2.z director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226517 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Self Node Remediation Operator 0.4.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226184 - Security Advisory

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-147url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-147

Trust: 0.1

title:Red Hat: Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226422 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226103 - Security Advisory

Trust: 0.1

title:Brocade Security Advisories: Access Deniedurl:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=38e06d13217149784c0941a3098b8989

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-195url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-195

Trust: 0.1

title:Red Hat: Important: Node Maintenance Operator 4.11.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226188 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging Security and Bug Fix update (5.3.11)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226182 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226051 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226283 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226183 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226507 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHOSDT 2.6.0 operator/operand containers Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227055 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227058 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226024 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHACS 3.72 enhancement and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226714 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226290 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Gatekeeper Operator v0.2 security and container updatesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226348 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226345 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226346 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226430 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226370 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226271 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226696 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Centerurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2023-126

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226156 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228750 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226526 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226429 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Virtualization 4.12.0 Images security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230408 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228889 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228781 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225069 - Security Advisory

Trust: 0.1

title:https://github.com/jntass/TASSL-1.1.1url:https://github.com/jntass/TASSL-1.1.1

Trust: 0.1

title:BIF - The Fairwinds Base Image Finder Clienturl:https://github.com/FairwindsOps/bif

Trust: 0.1

title:https://github.com/tianocore-docs/ThirdPartySecurityAdvisoriesurl:https://github.com/tianocore-docs/ThirdPartySecurityAdvisories

Trust: 0.1

title:GitHub Actions CI App Pipelineurl:https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc

Trust: 0.1

title:https://github.com/cdupuis/image-apiurl:https://github.com/cdupuis/image-api

Trust: 0.1

title:OpenSSL-CVE-liburl:https://github.com/chnzzh/OpenSSL-CVE-lib

Trust: 0.1

title:PoC in GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:PoC in GitHuburl:https://github.com/manas3c/CVE-POC

Trust: 0.1

sources: VULMON: CVE-2022-2097

EXTERNAL IDS

db:NVDid:CVE-2022-2097

Trust: 2.1

db:SIEMENSid:SSA-332410

Trust: 1.1

db:ICS CERTid:ICSA-23-017-03

Trust: 0.1

db:VULMONid:CVE-2022-2097

Trust: 0.1

db:PACKETSTORMid:168516

Trust: 0.1

db:PACKETSTORMid:168714

Trust: 0.1

db:PACKETSTORMid:168022

Trust: 0.1

db:PACKETSTORMid:168112

Trust: 0.1

db:PACKETSTORMid:169435

Trust: 0.1

db:PACKETSTORMid:170741

Trust: 0.1

db:PACKETSTORMid:175432

Trust: 0.1

db:PACKETSTORMid:168347

Trust: 0.1

db:PACKETSTORMid:168289

Trust: 0.1

db:PACKETSTORMid:170083

Trust: 0.1

sources: VULMON: CVE-2022-2097 // PACKETSTORM: 168516 // PACKETSTORM: 168714 // PACKETSTORM: 168022 // PACKETSTORM: 168112 // PACKETSTORM: 169435 // PACKETSTORM: 170741 // PACKETSTORM: 175432 // PACKETSTORM: 168347 // PACKETSTORM: 168289 // PACKETSTORM: 170083 // NVD: CVE-2022-2097

REFERENCES

url:https://security.gentoo.org/glsa/202210-02

Trust: 1.2

url:https://www.openssl.org/news/secadv/20220705.txt

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20220715-0011/

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 1.1

url:https://www.debian.org/security/2023/dsa-5343

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20230420-0008/

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/v6567jerrhhjw2gngjgkdrnhr7snpzk7/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/r6ck57nbqftpumxapjurcgxuyt76nqak/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-2097

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-20107

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-20107

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-29154

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-38561

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-38561

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28327

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29526

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24921

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24675

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-31129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30698

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30629

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0934

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0256

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24795

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0256

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25309

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30699

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25310

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0934

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2526

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2526

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alas-2023-1974.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/fairwindsops/bif

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-03

Trust: 0.1

url:https://alas.aws.amazon.com/al2022/alas-2022-195.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6714

Trust: 0.1

url:https://docs.openshift.com/acs/3.72/release_notes/372-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24921

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1473

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0670

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43813

Trust: 0.1

url:https://access.redhat.com/articles/1548993

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.1

url:https://access.redhat.com/articles/2789521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6024

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0759

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0759

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6051

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0536

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7055

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30632

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23772

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28131

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44716

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30633

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30630

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1962

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3787

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1798

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44717

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6457-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6422

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36067

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36067

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38177

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38178

Trust: 0.1

sources: VULMON: CVE-2022-2097 // PACKETSTORM: 168516 // PACKETSTORM: 168714 // PACKETSTORM: 168022 // PACKETSTORM: 168112 // PACKETSTORM: 169435 // PACKETSTORM: 170741 // PACKETSTORM: 175432 // PACKETSTORM: 168347 // PACKETSTORM: 168289 // PACKETSTORM: 170083 // NVD: CVE-2022-2097

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 168516 // PACKETSTORM: 168022 // PACKETSTORM: 168112 // PACKETSTORM: 169435 // PACKETSTORM: 170741 // PACKETSTORM: 168347 // PACKETSTORM: 168289 // PACKETSTORM: 170083

SOURCES

db:VULMONid:CVE-2022-2097
db:PACKETSTORMid:168516
db:PACKETSTORMid:168714
db:PACKETSTORMid:168022
db:PACKETSTORMid:168112
db:PACKETSTORMid:169435
db:PACKETSTORMid:170741
db:PACKETSTORMid:175432
db:PACKETSTORMid:168347
db:PACKETSTORMid:168289
db:PACKETSTORMid:170083
db:NVDid:CVE-2022-2097

LAST UPDATE DATE

2025-04-22T22:44:35.590000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-2097date:2023-11-07T00:00:00
db:NVDid:CVE-2022-2097date:2024-06-21T19:15:23.083

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-2097date:2022-07-05T00:00:00
db:PACKETSTORMid:168516date:2022-09-27T15:41:11
db:PACKETSTORMid:168714date:2022-10-17T13:44:06
db:PACKETSTORMid:168022date:2022-08-10T15:50:41
db:PACKETSTORMid:168112date:2022-08-19T15:03:34
db:PACKETSTORMid:169435date:2022-10-20T14:19:18
db:PACKETSTORMid:170741date:2023-01-26T15:29:09
db:PACKETSTORMid:175432date:2023-10-31T13:11:25
db:PACKETSTORMid:168347date:2022-09-13T15:29:12
db:PACKETSTORMid:168289date:2022-09-07T17:09:04
db:PACKETSTORMid:170083date:2022-12-02T15:57:08
db:NVDid:CVE-2022-2097date:2022-07-05T11:15:08.340