Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2021-21684 CVE-2022-0532 CVE-2014-3577 CVE-2021-41190 CVE-2021-44717 CVE-2021-44716 CVE-2012-6153 |
CWE-ID | CWE-79 CWE-732 CWE-295 CWE-843 CWE-400 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Red Hat packages (Operating systems & Components / Operating system package or component): openshift-ansible, toolbox, skopeo, rust-bootupd, rust-afterburn, runc, redhat-release-coreos, python-tooz, python-sushy-oem-idrac, python-sushy, python-stevedore, python-scciclient, python-proliantutils, python-pbr, python-oslo-utils, python-oslo-upgradecheck, python-oslo-service, python-oslo-serialization, python-oslo-policy, python-oslo-metrics, python-oslo-messaging, python-oslo-log, python-oslo-i18n, python-oslo-db, python-oslo-context, python-oslo-config, python-oslo-concurrency, python-osc-lib, python-openstacksdk, python-keystoneauth1, python-ironicclient, python-ironic-prometheus-exporter, python-ironic-lib, python-hardware, python-dracclient, python-debtcollector, python-cliff, python-cachetools, python-autopage, podman, ovn21.09, ovn-2021, openvswitch2.16, openstack-ironic-python-agent, openstack-ironic-inspector, openstack-ironic, openshift-kuryr, openshift-clients, openshift, kata-containers, jenkins, jenkins-2-plugins, ignition, haproxy, fuse-overlayfs, crun, cri-tools, cri-o, coreos-installer, containers-common, containernetworking-plugins, console-login-helper-messages, butane, buildah, atomic-openshift-service-idler, ovn21.12; Red Hat OpenShift Container Platform (Client/Desktop applications / Software for system administration) |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU57149
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21684
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install updates from vendor's website.
openshift-ansible (Red Hat package): before 4.10.0-202202110258.p0.g25af5a6.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-4.rhaos4.10.el8
skopeo (Red Hat package): before 1.2.2-1.rhaos4.10.el8
rust-bootupd (Red Hat package): before 0.2.5-3.rhaos4.10.el8
rust-afterburn (Red Hat package): before 5.2.0-1.rhaos4.10.el8
runc (Red Hat package): before 1.0.1-3.rhaos4.10.git4144b63.el7
redhat-release-coreos (Red Hat package): before 410.84-2.el8
python-tooz (Red Hat package): before 2.9.0-0.20211012145018.174065f.el8
python-sushy-oem-idrac (Red Hat package): before 3.0.2-0.20211011174039.9733d23.el8
python-sushy (Red Hat package): before 4.0.0-0.20211209155954.45d24d4.el8
python-stevedore (Red Hat package): before 3.4.0-0.20211012153718.8846a3f.el8
python-scciclient (Red Hat package): before 0.11.1-0.20211208154124.a84332b.el8
python-proliantutils (Red Hat package): before 2.12.2-0.20211210161243.500f518.el8
python-pbr (Red Hat package): before 5.5.1-1.el8ost
python-oslo-utils (Red Hat package): before 4.10.0-0.20211012164840.2c74bb9.el8
python-oslo-upgradecheck (Red Hat package): before 1.4.0-0.20211012144915.3ca8698.el8
python-oslo-service (Red Hat package): before 2.6.0-0.20211012154519.091fd65.el8
python-oslo-serialization (Red Hat package): before 4.2.0-0.20211012151454.2b94a4f.el8
python-oslo-policy (Red Hat package): before 3.8.2-0.20211012161944.c7fd9f4.el8
python-oslo-metrics (Red Hat package): before 0.3.0-0.20211020174122.43eee50.el8
python-oslo-messaging (Red Hat package): before 12.9.1-0.20211020204149.f9de265.el8
python-oslo-log (Red Hat package): before 4.6.0-0.20211012154701.41c8807.el8
python-oslo-i18n (Red Hat package): before 5.1.0-0.20211012165753.b031d17.el8
python-oslo-db (Red Hat package): before 9.1.0-0.20211020204148.be2cc6a.el8
python-oslo-context (Red Hat package): before 3.3.1-0.20211012152439.641a1e0.el8
python-oslo-config (Red Hat package): before 8.7.1-0.20211012155707.1a7bd66.el8
python-oslo-concurrency (Red Hat package): before 4.4.1-0.20211012150632.8e08400.el8
python-osc-lib (Red Hat package): before 2.4.2-0.20211012163041.415a6c7.el8
python-openstacksdk (Red Hat package): before 0.59.0-0.20211012172340.d0d4d8b.el8
python-keystoneauth1 (Red Hat package): before 4.4.0-0.20211012144044.112bcae.el8
python-ironicclient (Red Hat package): before 4.9.0-0.20211209154934.6f1be06.el8
python-ironic-prometheus-exporter (Red Hat package): before 3.1.0-0.20211130174057.d25ba32.el8
python-ironic-lib (Red Hat package): before 5.1.0-0.20211209154936.731e2f9.el8
python-hardware (Red Hat package): before 0.29.0-0.20211122094056.7662a1d.el8
python-dracclient (Red Hat package): before 7.0.0-0.20211012182751.d26664e.el8
python-debtcollector (Red Hat package): before 2.3.0-0.20211012161119.0bf5bf5.el8
python-cliff (Red Hat package): before 3.9.0-0.20211020191737.734bc0c.el8
python-cachetools (Red Hat package): before 3.1.0-2.el8ost
python-autopage (Red Hat package): before 0.4.0-1.el8
podman (Red Hat package): before 3.0.1-7.rhaos4.10.el8
ovn21.09 (Red Hat package): before 21.09.0-22.el8fdp
ovn-2021 (Red Hat package): before 21.12.0-15.el8fdp
openvswitch2.16 (Red Hat package): before 2.16.0-33.el8fdp
openstack-ironic-python-agent (Red Hat package): before 8.3.1-0.20220105174059.d2d3cd6.el8
openstack-ironic-inspector (Red Hat package): before 10.9.1-0.20220117094044.19e2592.el8
openstack-ironic (Red Hat package): before 19.0.1-0.20220120204037.438b8af.el8
openshift-kuryr (Red Hat package): before 4.10.0-202202160023.p0.ge77f917.assembly.stream.el8
openshift-clients (Red Hat package): before 4.10.0-202202160023.p0.gf93da17.assembly.stream.el7
openshift (Red Hat package): before 4.10.0-202202250816.p0.ge419edf.assembly.stream.el7
kata-containers (Red Hat package): before 2.3.0-3.el8
jenkins (Red Hat package): before 2.319.2.1643288987-1.el8
jenkins-2-plugins (Red Hat package): before 4.10.1643404185-1.el8
ignition (Red Hat package): before 2.13.0-2.rhaos4.10.el8
haproxy (Red Hat package): before 2.2.19-1.el8
fuse-overlayfs (Red Hat package): before 1.4.0-1.rhaos4.10.el8
crun (Red Hat package): before 1.4.2-1.rhaos4.10.el8
cri-tools (Red Hat package): before 1.23.0-1.el7
cri-o (Red Hat package): before 1.23.0-92.rhaos4.10.gitdaab4d1.el7
coreos-installer (Red Hat package): before 0.12.0-1.rhaos4.10.el8
containers-common (Red Hat package): before 1-16.rhaos4.10.el8
containernetworking-plugins (Red Hat package): before 0.9.1-1.rhaos4.10.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.10.el8
butane (Red Hat package): before 0.14.0-1.rhaos4.10.el8
buildah (Red Hat package): before 1.19.7-1.el8
atomic-openshift-service-idler (Red Hat package): before 4.10.0-202202160023.p0.g39cfc66.assembly.stream.el8
Red Hat OpenShift Container Platform: before 4.10.3
ovn21.12 (Red Hat package): before 21.12.0-25.el8fdp
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68299
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0532
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect sysctls validation in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
Mitigation
Install updates from vendor's website.
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57150
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-3577
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper certificate validation. A remote attacker can perform a man-in-the-middle (MitM) attack and spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate.
Mitigation
Install updates from vendor's website.
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58229
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-41190
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to a type confusion error. A remote authenticated attacker can pass specially crafted data to the application, trigger a type confusion error and interpret the resulting content differently.
Mitigation
Install updates from vendor's website.
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59042
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-44717
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when processing HTTP/2 requests. A remote attacker can send multiple HTTP/2 requests to the server and exhaust all available memory resources.
Mitigation
Install updates from vendor's website.
python-debtcollector (Red Hat package): before 2.3.0-0.20211012161119.0bf5bf5.el8
python-cliff (Red Hat package): before 3.9.0-0.20211020191737.734bc0c.el8
python-cachetools (Red Hat package): before 3.1.0-2.el8ost
python-autopage (Red Hat package): before 0.4.0-1.el8
podman (Red Hat package): before 3.0.1-7.rhaos4.10.el8
ovn21.09 (Red Hat package): before 21.09.0-22.el8fdp
ovn-2021 (Red Hat package): before 21.12.0-15.el8fdp
openvswitch2.16 (Red Hat package): before 2.16.0-33.el8fdp
openstack-ironic-python-agent (Red Hat package): before 8.3.1-0.20220105174059.d2d3cd6.el8
openstack-ironic-inspector (Red Hat package): before 10.9.1-0.20220117094044.19e2592.el8
openstack-ironic (Red Hat package): before 19.0.1-0.20220120204037.438b8af.el8
openshift-kuryr (Red Hat package): before 4.10.0-202202160023.p0.ge77f917.assembly.stream.el8
openshift-clients (Red Hat package): before 4.10.0-202202160023.p0.gf93da17.assembly.stream.el7
openshift (Red Hat package): before 4.10.0-202202250816.p0.ge419edf.assembly.stream.el7
kata-containers (Red Hat package): before 2.3.0-3.el8
jenkins (Red Hat package): before 2.319.2.1643288987-1.el8
jenkins-2-plugins (Red Hat package): before 4.10.1643404185-1.el8
ignition (Red Hat package): before 2.13.0-2.rhaos4.10.el8
haproxy (Red Hat package): before 2.2.19-1.el8
fuse-overlayfs (Red Hat package): before 1.4.0-1.rhaos4.10.el8
crun (Red Hat package): before 1.4.2-1.rhaos4.10.el8
cri-tools (Red Hat package): before 1.23.0-1.el7
cri-o (Red Hat package): before 1.23.0-92.rhaos4.10.gitdaab4d1.el7
coreos-installer (Red Hat package): before 0.12.0-1.rhaos4.10.el8
containers-common (Red Hat package): before 1-16.rhaos4.10.el8
containernetworking-plugins (Red Hat package): before 0.9.1-1.rhaos4.10.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.10.el8
butane (Red Hat package): before 0.14.0-1.rhaos4.10.el8
buildah (Red Hat package): before 1.19.7-1.el8
atomic-openshift-service-idler (Red Hat package): before 4.10.0-202202160023.p0.g39cfc66.assembly.stream.el8
Red Hat OpenShift Container Platform: before 4.10.3
ovn21.12 (Red Hat package): before 21.12.0-25.el8fdp
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58824
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-44716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
openshift-ansible (Red Hat package): before 4.10.0-202202110258.p0.g25af5a6.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-4.rhaos4.10.el8
skopeo (Red Hat package): before 1.2.2-1.rhaos4.10.el8
rust-bootupd (Red Hat package): before 0.2.5-3.rhaos4.10.el8
rust-afterburn (Red Hat package): before 5.2.0-1.rhaos4.10.el8
runc (Red Hat package): before 1.0.1-3.rhaos4.10.git4144b63.el7
redhat-release-coreos (Red Hat package): before 410.84-2.el8
python-tooz (Red Hat package): before 2.9.0-0.20211012145018.174065f.el8
python-sushy-oem-idrac (Red Hat package): before 3.0.2-0.20211011174039.9733d23.el8
python-sushy (Red Hat package): before 4.0.0-0.20211209155954.45d24d4.el8
python-stevedore (Red Hat package): before 3.4.0-0.20211012153718.8846a3f.el8
python-scciclient (Red Hat package): before 0.11.1-0.20211208154124.a84332b.el8
python-proliantutils (Red Hat package): before 2.12.2-0.20211210161243.500f518.el8
python-pbr (Red Hat package): before 5.5.1-1.el8ost
python-oslo-utils (Red Hat package): before 4.10.0-0.20211012164840.2c74bb9.el8
python-oslo-upgradecheck (Red Hat package): before 1.4.0-0.20211012144915.3ca8698.el8
python-oslo-service (Red Hat package): before 2.6.0-0.20211012154519.091fd65.el8
python-oslo-serialization (Red Hat package): before 4.2.0-0.20211012151454.2b94a4f.el8
python-oslo-policy (Red Hat package): before 3.8.2-0.20211012161944.c7fd9f4.el8
python-oslo-metrics (Red Hat package): before 0.3.0-0.20211020174122.43eee50.el8
python-oslo-messaging (Red Hat package): before 12.9.1-0.20211020204149.f9de265.el8
python-oslo-log (Red Hat package): before 4.6.0-0.20211012154701.41c8807.el8
python-oslo-i18n (Red Hat package): before 5.1.0-0.20211012165753.b031d17.el8
python-oslo-db (Red Hat package): before 9.1.0-0.20211020204148.be2cc6a.el8
python-oslo-context (Red Hat package): before 3.3.1-0.20211012152439.641a1e0.el8
python-oslo-config (Red Hat package): before 8.7.1-0.20211012155707.1a7bd66.el8
python-oslo-concurrency (Red Hat package): before 4.4.1-0.20211012150632.8e08400.el8
python-osc-lib (Red Hat package): before 2.4.2-0.20211012163041.415a6c7.el8
python-openstacksdk (Red Hat package): before 0.59.0-0.20211012172340.d0d4d8b.el8
python-keystoneauth1 (Red Hat package): before 4.4.0-0.20211012144044.112bcae.el8
python-ironicclient (Red Hat package): before 4.9.0-0.20211209154934.6f1be06.el8
python-ironic-prometheus-exporter (Red Hat package): before 3.1.0-0.20211130174057.d25ba32.el8
python-ironic-lib (Red Hat package): before 5.1.0-0.20211209154936.731e2f9.el8
python-hardware (Red Hat package): before 0.29.0-0.20211122094056.7662a1d.el8
python-dracclient (Red Hat package): before 7.0.0-0.20211012182751.d26664e.el8
python-debtcollector (Red Hat package): before 2.3.0-0.20211012161119.0bf5bf5.el8
python-cliff (Red Hat package): before 3.9.0-0.20211020191737.734bc0c.el8
python-cachetools (Red Hat package): before 3.1.0-2.el8ost
python-autopage (Red Hat package): before 0.4.0-1.el8
podman (Red Hat package): before 3.0.1-7.rhaos4.10.el8
ovn21.09 (Red Hat package): before 21.09.0-22.el8fdp
ovn-2021 (Red Hat package): before 21.12.0-15.el8fdp
openvswitch2.16 (Red Hat package): before 2.16.0-33.el8fdp
openstack-ironic-python-agent (Red Hat package): before 8.3.1-0.20220105174059.d2d3cd6.el8
openstack-ironic-inspector (Red Hat package): before 10.9.1-0.20220117094044.19e2592.el8
openstack-ironic (Red Hat package): before 19.0.1-0.20220120204037.438b8af.el8
openshift-kuryr (Red Hat package): before 4.10.0-202202160023.p0.ge77f917.assembly.stream.el8
openshift-clients (Red Hat package): before 4.10.0-202202160023.p0.gf93da17.assembly.stream.el7
openshift (Red Hat package): before 4.10.0-202202250816.p0.ge419edf.assembly.stream.el7
kata-containers (Red Hat package): before 2.3.0-3.el8
jenkins (Red Hat package): before 2.319.2.1643288987-1.el8
jenkins-2-plugins (Red Hat package): before 4.10.1643404185-1.el8
ignition (Red Hat package): before 2.13.0-2.rhaos4.10.el8
haproxy (Red Hat package): before 2.2.19-1.el8
fuse-overlayfs (Red Hat package): before 1.4.0-1.rhaos4.10.el8
crun (Red Hat package): before 1.4.2-1.rhaos4.10.el8
cri-tools (Red Hat package): before 1.23.0-1.el7
cri-o (Red Hat package): before 1.23.0-92.rhaos4.10.gitdaab4d1.el7
coreos-installer (Red Hat package): before 0.12.0-1.rhaos4.10.el8
containers-common (Red Hat package): before 1-16.rhaos4.10.el8
containernetworking-plugins (Red Hat package): before 0.9.1-1.rhaos4.10.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.10.el8
butane (Red Hat package): before 0.14.0-1.rhaos4.10.el8
buildah (Red Hat package): before 1.19.7-1.el8
atomic-openshift-service-idler (Red Hat package): before 4.10.0-202202160023.p0.g39cfc66.assembly.stream.el8
Red Hat OpenShift Container Platform: before 4.10.3
ovn21.12 (Red Hat package): before 21.12.0-25.el8fdp
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77628
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6153
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to modify files on the system.
The vulnerability exists because Apache Commons HttpClient does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. A remote attacker can pass specially crafted input to the application and modify files on the system.
Mitigation
Install updates from the vendor's website.
openshift-ansible (Red Hat package): before 4.10.0-202202110258.p0.g25af5a6.assembly.stream.el7
toolbox (Red Hat package): before 0.0.8-4.rhaos4.10.el8
skopeo (Red Hat package): before 1.2.2-1.rhaos4.10.el8
rust-bootupd (Red Hat package): before 0.2.5-3.rhaos4.10.el8
rust-afterburn (Red Hat package): before 5.2.0-1.rhaos4.10.el8
runc (Red Hat package): before 1.0.1-3.rhaos4.10.git4144b63.el7
redhat-release-coreos (Red Hat package): before 410.84-2.el8
python-tooz (Red Hat package): before 2.9.0-0.20211012145018.174065f.el8
python-sushy-oem-idrac (Red Hat package): before 3.0.2-0.20211011174039.9733d23.el8
python-sushy (Red Hat package): before 4.0.0-0.20211209155954.45d24d4.el8
python-stevedore (Red Hat package): before 3.4.0-0.20211012153718.8846a3f.el8
python-scciclient (Red Hat package): before 0.11.1-0.20211208154124.a84332b.el8
python-proliantutils (Red Hat package): before 2.12.2-0.20211210161243.500f518.el8
python-pbr (Red Hat package): before 5.5.1-1.el8ost
python-oslo-utils (Red Hat package): before 4.10.0-0.20211012164840.2c74bb9.el8
python-oslo-upgradecheck (Red Hat package): before 1.4.0-0.20211012144915.3ca8698.el8
python-oslo-service (Red Hat package): before 2.6.0-0.20211012154519.091fd65.el8
python-oslo-serialization (Red Hat package): before 4.2.0-0.20211012151454.2b94a4f.el8
python-oslo-policy (Red Hat package): before 3.8.2-0.20211012161944.c7fd9f4.el8
python-oslo-metrics (Red Hat package): before 0.3.0-0.20211020174122.43eee50.el8
python-oslo-messaging (Red Hat package): before 12.9.1-0.20211020204149.f9de265.el8
python-oslo-log (Red Hat package): before 4.6.0-0.20211012154701.41c8807.el8
python-oslo-i18n (Red Hat package): before 5.1.0-0.20211012165753.b031d17.el8
python-oslo-db (Red Hat package): before 9.1.0-0.20211020204148.be2cc6a.el8
python-oslo-context (Red Hat package): before 3.3.1-0.20211012152439.641a1e0.el8
python-oslo-config (Red Hat package): before 8.7.1-0.20211012155707.1a7bd66.el8
python-oslo-concurrency (Red Hat package): before 4.4.1-0.20211012150632.8e08400.el8
python-osc-lib (Red Hat package): before 2.4.2-0.20211012163041.415a6c7.el8
python-openstacksdk (Red Hat package): before 0.59.0-0.20211012172340.d0d4d8b.el8
python-keystoneauth1 (Red Hat package): before 4.4.0-0.20211012144044.112bcae.el8
python-ironicclient (Red Hat package): before 4.9.0-0.20211209154934.6f1be06.el8
python-ironic-prometheus-exporter (Red Hat package): before 3.1.0-0.20211130174057.d25ba32.el8
python-ironic-lib (Red Hat package): before 5.1.0-0.20211209154936.731e2f9.el8
python-hardware (Red Hat package): before 0.29.0-0.20211122094056.7662a1d.el8
python-dracclient (Red Hat package): before 7.0.0-0.20211012182751.d26664e.el8
python-debtcollector (Red Hat package): before 2.3.0-0.20211012161119.0bf5bf5.el8
python-cliff (Red Hat package): before 3.9.0-0.20211020191737.734bc0c.el8
python-cachetools (Red Hat package): before 3.1.0-2.el8ost
python-autopage (Red Hat package): before 0.4.0-1.el8
podman (Red Hat package): before 3.0.1-7.rhaos4.10.el8
ovn21.09 (Red Hat package): before 21.09.0-22.el8fdp
ovn-2021 (Red Hat package): before 21.12.0-15.el8fdp
openvswitch2.16 (Red Hat package): before 2.16.0-33.el8fdp
openstack-ironic-python-agent (Red Hat package): before 8.3.1-0.20220105174059.d2d3cd6.el8
openstack-ironic-inspector (Red Hat package): before 10.9.1-0.20220117094044.19e2592.el8
openstack-ironic (Red Hat package): before 19.0.1-0.20220120204037.438b8af.el8
openshift-kuryr (Red Hat package): before 4.10.0-202202160023.p0.ge77f917.assembly.stream.el8
openshift-clients (Red Hat package): before 4.10.0-202202160023.p0.gf93da17.assembly.stream.el7
openshift (Red Hat package): before 4.10.0-202202250816.p0.ge419edf.assembly.stream.el7
kata-containers (Red Hat package): before 2.3.0-3.el8
jenkins (Red Hat package): before 2.319.2.1643288987-1.el8
jenkins-2-plugins (Red Hat package): before 4.10.1643404185-1.el8
ignition (Red Hat package): before 2.13.0-2.rhaos4.10.el8
haproxy (Red Hat package): before 2.2.19-1.el8
fuse-overlayfs (Red Hat package): before 1.4.0-1.rhaos4.10.el8
crun (Red Hat package): before 1.4.2-1.rhaos4.10.el8
cri-tools (Red Hat package): before 1.23.0-1.el7
cri-o (Red Hat package): before 1.23.0-92.rhaos4.10.gitdaab4d1.el7
coreos-installer (Red Hat package): before 0.12.0-1.rhaos4.10.el8
containers-common (Red Hat package): before 1-16.rhaos4.10.el8
containernetworking-plugins (Red Hat package): before 0.9.1-1.rhaos4.10.el8
console-login-helper-messages (Red Hat package): before 0.20.3-1.rhaos4.10.el8
butane (Red Hat package): before 0.14.0-1.rhaos4.10.el8
buildah (Red Hat package): before 1.19.7-1.el8
atomic-openshift-service-idler (Red Hat package): before 4.10.0-202202160023.p0.g39cfc66.assembly.stream.el8
Red Hat OpenShift Container Platform: before 4.10.3
ovn21.12 (Red Hat package): before 21.12.0-25.el8fdp
https://access.redhat.com/errata/RHSA-2022:0055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.