Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-41182 (GCVE-0-2021-41182)
Vulnerability from cvelistv5
Published
2021-10-26 00:00
Modified
2025-02-13 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "FEDORA-2021-51c256bf87",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "FEDORA-2021-ab38307fc3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "FEDORA-2021-013ab302be",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "FEDORA-2022-9d655503ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "FEDORA-2022-bf18450366",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jquery-ui",
"vendor": "jquery",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:24.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "FEDORA-2021-51c256bf87",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "FEDORA-2021-ab38307fc3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "FEDORA-2021-013ab302be",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "FEDORA-2022-9d655503ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "FEDORA-2022-bf18450366",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"source": {
"advisory": "GHSA-9gj3-hwp5-pmwc",
"discovery": "UNKNOWN"
},
"title": "XSS in the `altField` option of the Datepicker widget"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41182",
"datePublished": "2021-10-26T00:00:00.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:30.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-41182\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-10-26T15:15:10.313\",\"lastModified\":\"2024-11-21T06:25:41.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.\"},{\"lang\":\"es\",\"value\":\"jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\u00f3n 1.13.0, aceptar el valor de la opci\u00f3n \\\"altField\\\" del widget Datepicker desde fuentes no confiables puede ejecutar c\u00f3digo no confiable. El problema es corregido en jQuery UI versi\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\u00f3n \\\"altField\\\" se trata ahora como un selector CSS. Una soluci\u00f3n es no aceptar el valor de la opci\u00f3n \\\"altField\\\" de fuentes no confiables\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*\",\"versionEndExcluding\":\"1.13.0\",\"matchCriteriaId\":\"EA897736-789A-461C-86F5-E7470E643213\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.86\",\"matchCriteriaId\":\"013FAABA-8CDD-46AD-B321-9908634C880A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.11.0\",\"versionEndIncluding\":\"8.14.0\",\"matchCriteriaId\":\"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.29\",\"matchCriteriaId\":\"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC99884C-17AD-4C42-B404-4E862175C1A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5659049-8C12-433D-9CE2-90615122CB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"737A843D-6B2F-4443-85FF-7B72B46A7251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC11D4E-23D3-49CE-A9B1-68477EF8C6F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DFBD39-0511-406D-B972-F3F11976229D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33157281-11A0-4700-99AB-40B7B9C57A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.21.0\",\"matchCriteriaId\":\"CAB9A41F-91F1-40DF-BF12-6ADA7229A84C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"48B23728-0050-4AF0-B8B0-A959CBAB4505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC6D658-09EA-4C41-869F-1C2EA163F751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1\",\"matchCriteriaId\":\"384DEDD9-CB26-4306-99D8-83068A9B23ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF828F5-C666-40DA-98DD-CDF658D7090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8865CE15-F9A1-4A46-AF93-B58356BDEE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.11.0\",\"versionEndIncluding\":\"8.14.0\",\"matchCriteriaId\":\"C7F4B5F0-6B78-4A94-AD83-6B78D484E298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.6.3\",\"matchCriteriaId\":\"C5F35B8D-6F26-4682-8541-6F10EE2ACE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.25\",\"matchCriteriaId\":\"15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"22.1.1\",\"matchCriteriaId\":\"105BF985-2403-455E-BAA1-509245B54A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"281F1ACB-3180-422C-BADF-B0AE5F50924E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211118-0004/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-contrib-2022-004\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2022-002\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211118-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-contrib-2022-004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2022-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
wid-sec-w-2023-2229
Vulnerability from csaf_certbund
Published
2023-08-30 22:00
Modified
2024-08-12 22:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2229 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2229 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-08-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:57:53.670+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2229",
"initial_release_date": "2023-08-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Splunk Splunk Enterprise",
"product": {
"name": "Splunk Splunk Enterprise",
"product_id": "T008911",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.1",
"product_id": "T029634"
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.6",
"product_id": "T029635"
}
},
{
"category": "product_version_range",
"name": "\u003c8.2.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c8.2.12",
"product_id": "T029636"
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.1",
"product_id": "T033705"
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.4",
"product_id": "T033718"
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.9",
"product_id": "T033720"
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7489",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2013-7489"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-20225",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-20225"
},
{
"cve": "CVE-2019-20454",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20454"
},
{
"cve": "CVE-2019-20838",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20838"
},
{
"cve": "CVE-2020-14155",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-14155"
},
{
"cve": "CVE-2020-28469",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28469"
},
{
"cve": "CVE-2020-28851",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28851"
},
{
"cve": "CVE-2020-29652",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-29652"
},
{
"cve": "CVE-2020-8169",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8908",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-20066",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-20066"
},
{
"cve": "CVE-2021-22569",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22569"
},
{
"cve": "CVE-2021-22876",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22945",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23343",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23343"
},
{
"cve": "CVE-2021-23382",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23382"
},
{
"cve": "CVE-2021-27918",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-29060",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29060"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-29923",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-31525",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-31566",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31566"
},
{
"cve": "CVE-2021-33194",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33194"
},
{
"cve": "CVE-2021-33195",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-3520",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3572",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3572"
},
{
"cve": "CVE-2021-36221",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-36976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36976"
},
{
"cve": "CVE-2021-3803",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2021-38297",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38297"
},
{
"cve": "CVE-2021-38561",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-39293",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-39293"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41771",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41771"
},
{
"cve": "CVE-2021-41772",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41772"
},
{
"cve": "CVE-2021-43565",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2021-44716",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-1705",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1941",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1941"
},
{
"cve": "CVE-2022-1962",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-22576",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-2309",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2309"
},
{
"cve": "CVE-2022-23491",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23491"
},
{
"cve": "CVE-2022-23772",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24675",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24921",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24921"
},
{
"cve": "CVE-2022-24999",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24999"
},
{
"cve": "CVE-2022-25881",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-25881"
},
{
"cve": "CVE-2022-27191",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-27536",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27536"
},
{
"cve": "CVE-2022-27664",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-27774",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27778",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27780",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-28131",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-28327",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-2879",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2879"
},
{
"cve": "CVE-2022-2880",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-29526",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-29804",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29804"
},
{
"cve": "CVE-2022-30115",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-30580",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30580"
},
{
"cve": "CVE-2022-30629",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30634",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30634"
},
{
"cve": "CVE-2022-30635",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-32148",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32148"
},
{
"cve": "CVE-2022-32149",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32149"
},
{
"cve": "CVE-2022-32189",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32189"
},
{
"cve": "CVE-2022-32205",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-33987",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-3509",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3509"
},
{
"cve": "CVE-2022-3510",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3510"
},
{
"cve": "CVE-2022-3517",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3517"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35737",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-36227",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-36227"
},
{
"cve": "CVE-2022-37599",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37601",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37603",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-38900",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2022-40023",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40023"
},
{
"cve": "CVE-2022-40897",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2022-40899",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40899"
},
{
"cve": "CVE-2022-41715",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41716",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41720",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-41722",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-46175",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-46175"
},
{
"cve": "CVE-2023-23914",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-24539",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24539"
},
{
"cve": "CVE-2023-24540",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24540"
},
{
"cve": "CVE-2023-27533",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27537",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27537"
},
{
"cve": "CVE-2023-27538",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-29400",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29400"
},
{
"cve": "CVE-2023-29402",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29402"
},
{
"cve": "CVE-2023-29403",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29403"
},
{
"cve": "CVE-2023-29404",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29404"
},
{
"cve": "CVE-2023-29405",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29405"
},
{
"cve": "CVE-2023-40592",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40592"
},
{
"cve": "CVE-2023-40593",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40593"
},
{
"cve": "CVE-2023-40594",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40594"
},
{
"cve": "CVE-2023-40595",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40595"
},
{
"cve": "CVE-2023-40596",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40596"
},
{
"cve": "CVE-2023-40597",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40597"
},
{
"cve": "CVE-2023-40598",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T033720",
"T002207",
"T008911",
"T033718",
"T033705",
"T004914"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40598"
}
]
}
wid-sec-w-2023-2309
Vulnerability from csaf_certbund
Published
2023-09-11 22:00
Modified
2023-09-11 22:00
Summary
SAP Patchday September 2023
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2309 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2309.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2309 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2309"
},
{
"category": "external",
"summary": "SAP Patchday September 2023 vom 2023-09-12",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2023",
"tracking": {
"current_release_date": "2023-09-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:15.189+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2309",
"initial_release_date": "2023-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42472",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-42472"
},
{
"cve": "CVE-2023-41369",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41369"
},
{
"cve": "CVE-2023-41368",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41368"
},
{
"cve": "CVE-2023-41367",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-41367"
},
{
"cve": "CVE-2023-40625",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40625"
},
{
"cve": "CVE-2023-40624",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40624"
},
{
"cve": "CVE-2023-40623",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40623"
},
{
"cve": "CVE-2023-40622",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40622"
},
{
"cve": "CVE-2023-40621",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40621"
},
{
"cve": "CVE-2023-40309",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40309"
},
{
"cve": "CVE-2023-40308",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40308"
},
{
"cve": "CVE-2023-40306",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-40306"
},
{
"cve": "CVE-2023-37489",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-37489"
},
{
"cve": "CVE-2023-25616",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-25616"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-41272",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2022-41272"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten ABAP Platform, Business Client, Business Objects Business Intelligence Platform, CommonCryptoLib, Content Server, Extended Application Services and Runtime (XSA), HANA Database, Host Agent, NetWeaver, PowerDesignerClient, Quotation Management Insurance, S/4HANA, S4CORE, SSOEXT, UI5 und Web Dispatcher. Zu den Ursachen z\u00e4hlen unter anderem Fehler in der Speicherverwaltung und fehlende Eingabepr\u00fcfungen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren. Die Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder eine Interaktion des Nutzers."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
wid-sec-w-2023-2102
Vulnerability from csaf_certbund
Published
2023-08-20 22:00
Modified
2023-08-20 22:00
Summary
Moodle: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2102 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2102.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2102 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2102"
},
{
"category": "external",
"summary": "Moodle Security Announcements vom 2023-08-21",
"url": "https://moodle.org/mod/forum/view.php?id=7128"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-08-20T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:57:15.936+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2102",
"initial_release_date": "2023-08-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.2.2",
"product": {
"name": "Open Source Moodle \u003c 4.2.2",
"product_id": "T029425",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.2.2"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.1.5",
"product": {
"name": "Open Source Moodle \u003c 4.1.5",
"product_id": "T029426",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.5"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 4.0.10",
"product": {
"name": "Open Source Moodle \u003c 4.0.10",
"product_id": "T029427",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.0.10"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 3.11.16",
"product": {
"name": "Open Source Moodle \u003c 3.11.16",
"product_id": "T029428",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:3.11.16"
}
}
},
{
"category": "product_name",
"name": "Open Source Moodle \u003c 3.9.23",
"product": {
"name": "Open Source Moodle \u003c 3.9.23",
"product_id": "T029429",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:3.9.23"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40325",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40325"
},
{
"cve": "CVE-2023-40324",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40324"
},
{
"cve": "CVE-2023-40323",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40323"
},
{
"cve": "CVE-2023-40322",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40322"
},
{
"cve": "CVE-2023-40321",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40321"
},
{
"cve": "CVE-2023-40320",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40320"
},
{
"cve": "CVE-2023-40319",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40319"
},
{
"cve": "CVE-2023-40318",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40318"
},
{
"cve": "CVE-2023-40317",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40317"
},
{
"cve": "CVE-2023-40316",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2023-40316"
},
{
"cve": "CVE-2022-39369",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2022-39369"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in verschiedenen Komponenten von Moodle sowie in den verwendeten Drittanbieter-Bibliotheken \"JQuery UI\" und \"phpCAS\". Diese Probleme werden u.a. durch eine falsche Logik f\u00fcr den Dom\u00e4nenabgleich, unzureichende Pr\u00fcfungen oder Einschr\u00e4nkungen, fehlende Eingabebereinigung und ein Problem mit offenen Weiterleitungen verursacht. Ein authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Informationen offenzulegen und SQL-Injection- oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren."
}
],
"release_date": "2023-08-20T22:00:00.000+00:00",
"title": "CVE-2021-41182"
}
]
}
wid-sec-w-2022-2368
Vulnerability from csaf_certbund
Published
2022-12-19 23:00
Modified
2023-01-09 23:00
Summary
HCL BigFix: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um die Verfügbarkeit, die Vertraulichkeit und die Integrität zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2368 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2368.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2368 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2368"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6853623 vom 2023-01-09",
"url": "https://www.ibm.com/support/pages/node/6853623"
},
{
"category": "external",
"summary": "HCL Security Bulletin KB0102049 vom 2022-12-17",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102049"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102168"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2022-12-19",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102140"
}
],
"source_lang": "en-US",
"title": "HCL BigFix: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-09T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:40:12.874+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2368",
"initial_release_date": "2022-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-12-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-01-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix \u003c 10.0.8\u00a0",
"product": {
"name": "HCL BigFix \u003c 10.0.8\u00a0",
"product_id": "T025721",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:10.0.8"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix \u003c 9.5.21",
"product": {
"name": "HCL BigFix \u003c 9.5.21",
"product_id": "T025722",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:9.5.21"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM License Metric Tool",
"product": {
"name": "IBM License Metric Tool",
"product_id": "T016581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44756",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44756"
},
{
"cve": "CVE-2022-42454",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42454"
},
{
"cve": "CVE-2022-42448",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42448"
},
{
"cve": "CVE-2022-39299",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-39299"
},
{
"cve": "CVE-2022-38655",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-38655"
},
{
"cve": "CVE-2022-37616",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-37616"
},
{
"cve": "CVE-2022-33987",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-25896",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-25896"
},
{
"cve": "CVE-2022-25887",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-25887"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-32014",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32014"
},
{
"cve": "CVE-2021-32013",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32013"
},
{
"cve": "CVE-2021-32012",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen. Diese sind sowohl im Quellcode als auch in Open-Source-Komponenten zu finden. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verf\u00fcgbarkeit, die Vertraulichkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T016581",
"T025722",
"T025721",
"T017494"
]
},
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-32012"
}
]
}
wid-sec-w-2024-0117
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterst\u00fctzung u. a. von Handelsfirmen und der Gastronomie.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0117 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0117.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0117 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0117"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Retail Applications vom 2024-01-16",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixRAPP"
}
],
"source_lang": "en-US",
"title": "Oracle Retail Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:46.978+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0117",
"initial_release_date": "2024-01-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Retail Applications 16.0.3",
"product": {
"name": "Oracle Retail Applications 16.0.3",
"product_id": "T019034",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:16.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 20.0.1",
"product": {
"name": "Oracle Retail Applications 20.0.1",
"product_id": "T019911",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:20.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 15.0.3",
"product": {
"name": "Oracle Retail Applications 15.0.3",
"product_id": "T020721",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:15.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 18.0.0.14",
"product": {
"name": "Oracle Retail Applications 18.0.0.14",
"product_id": "T032125",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:18.0.0.14"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 19.0.0.8",
"product": {
"name": "Oracle Retail Applications 19.0.0.8",
"product_id": "T032126",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:19.0.0.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications \u003c= 23.0.0",
"product": {
"name": "Oracle Retail Applications \u003c= 23.0.0",
"product_id": "T032127",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:23.0.0"
}
}
}
],
"category": "product_name",
"name": "Retail Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-35887",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-35887"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2020-26870",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032126",
"T032125",
"T019911",
"T020721",
"T019034"
],
"last_affected": [
"T032127"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2020-26870"
}
]
}
wid-sec-w-2022-1729
Vulnerability from csaf_certbund
Published
2021-11-01 23:00
Modified
2023-10-05 22:00
Summary
jQuery: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verfügung stellt.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1729 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1729.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1729 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1729"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6419-1 vom 2023-10-05",
"url": "https://ubuntu.com/security/notices/USN-6419-1"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBPI03869 vom 2023-10-04",
"url": "https://support.hp.com/us-en/document/ish_9365285-9365309-16/HPSBPI03869"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2021-11-01",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CONTRIB-2022-004 vom 2022-01-19",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2889 vom 2022-01-19",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2022-011 vom 2022-01-19",
"url": "https://www.drupal.org/sa-core-2022-011"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2022-002 vom 2022-01-19",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"category": "external",
"summary": "Drupal Security Advisory",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1729-1 vom 2022-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://www.tenable.com/security/tns-2022-12"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4711 vom 2022-05-26",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://www.tenable.com/security/tns-2022-11"
},
{
"category": "external",
"summary": "HCL Article KB0097697 vom 2022-04-07",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097697"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10",
"url": "http://www.auscert.org.au/bulletins/ESB-2022.2191"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-10 vom 2022-05-10 vom 2022-05-09",
"url": "https://www.tenable.com/security/tns-2022-10"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3230 vom 2022-12-07",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html"
}
],
"source_lang": "en-US",
"title": "jQuery: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2023-10-05T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:36:30.047+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1729",
"initial_release_date": "2021-11-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-11-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Drupal und Debian aufgenommen"
},
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-05-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Tenable und Red Hat aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "7",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-9D655503EA, FEDORA-2022-C4334D5277"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-BF18450366"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-10-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "HP LaserJet",
"product": {
"name": "HP LaserJet",
"product_id": "T029061",
"product_identification_helper": {
"cpe": "cpe:/h:hp:laserjet:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Drupal",
"product": {
"name": "Open Source Drupal",
"product_id": "172446",
"product_identification_helper": {
"cpe": "cpe:/a:drupal:drupal:-"
}
}
},
{
"category": "product_name",
"name": "Open Source jQuery UI \u003c 1.13.0",
"product": {
"name": "Open Source jQuery UI \u003c 1.13.0",
"product_id": "T020872",
"product_identification_helper": {
"cpe": "cpe:/a:jquery:jquery:ui__1.13.0"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Tenable Security Nessus",
"product": {
"name": "Tenable Security Nessus",
"product_id": "999278",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:-"
}
}
},
{
"category": "product_name",
"name": "Tenable Security Nessus Network Monitor \u003c 6.0.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c 6.0.1",
"product_id": "T023141",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.0.1"
}
}
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41182",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In jQuery existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der \"altField\" und \"*Text\" Option des Widgets Datepicker und in der \"of\" Option des .position() utils nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"172446",
"T000126",
"T029061",
"999278",
"T017494"
]
},
"release_date": "2021-11-01T23:00:00.000+00:00",
"title": "CVE-2021-41184"
}
]
}
gsd-2021-41182
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-41182",
"description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"id": "GSD-2021-41182",
"references": [
"https://www.suse.com/security/cve/CVE-2021-41182.html",
"https://access.redhat.com/errata/RHSA-2022:4711"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-41182"
],
"details": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"id": "GSD-2021-41182",
"modified": "2023-12-13T01:23:27.077364Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jquery-ui",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 1.13.0"
}
]
}
}
]
},
"vendor_name": "jquery"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"name": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"name": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"refsource": "MISC",
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"name": "https://www.drupal.org/sa-core-2022-002",
"refsource": "MISC",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211118-0004/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"name": "https://www.drupal.org/sa-contrib-2022-004",
"refsource": "MISC",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "MISC",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
},
"source": {
"advisory": "GHSA-9gj3-hwp5-pmwc",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.13.0",
"affected_versions": "All versions before 1.13.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-06-21",
"description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"fixed_versions": [
"1.13.0"
],
"identifier": "CVE-2021-41182",
"identifiers": [
"CVE-2021-41182",
"GHSA-9gj3-hwp5-pmwc"
],
"not_impacted": "All versions starting from 1.13.0",
"package_slug": "npm/jquery-ui",
"pubdate": "2021-10-26",
"solution": "Upgrade to version 1.13.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"https://security.netapp.com/advisory/ntap-20211118-0004/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
"https://www.drupal.org/sa-contrib-2022-004",
"https://www.drupal.org/sa-core-2022-002",
"https://github.com/advisories/GHSA-9gj3-hwp5-pmwc"
],
"uuid": "ed7f50b1-248e-4be1-be8f-7a51d2e5ab9e"
},
{
"affected_range": "\u003e=7.0,\u003c7.86",
"affected_versions": "All versions starting from 7.0 before 7.86",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-06-21",
"description": "jQuery-UI is the official jQuery user interface library used by drupal. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"fixed_versions": [
"8.0.0"
],
"identifier": "CVE-2021-41182",
"identifiers": [
"CVE-2021-41182",
"GHSA-9gj3-hwp5-pmwc"
],
"not_impacted": "All versions before 7.0, all versions starting from 7.86",
"package_slug": "packagist/drupal/drupal",
"pubdate": "2021-10-26",
"solution": "Upgrade to version 8.0.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"https://security.netapp.com/advisory/ntap-20211118-0004/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"https://www.drupal.org/sa-contrib-2022-004",
"https://www.drupal.org/sa-core-2022-002",
"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
],
"uuid": "989fdd71-9daf-45f5-88b5-20cbce155747"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.86",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.21.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.25",
"versionStartIncluding": "12.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41182"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"name": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"name": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211118-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"name": "https://www.drupal.org/sa-contrib-2022-004",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"name": "https://www.drupal.org/sa-core-2022-002",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2022-09",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"refsource": "MISC",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-08-31T03:15Z",
"publishedDate": "2021-10-26T15:15Z"
}
}
}
ghsa-9gj3-hwp5-pmwc
Vulnerability from github
Published
2021-10-26 14:55
Modified
2021-10-27 17:00
Severity ?
VLAI Severity ?
Summary
XSS in the `altField` option of the Datepicker widget in jquery-ui
Details
Impact
Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
js
$( "#datepicker" ).datepicker( {
altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.
Patches
The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.
Workarounds
A workaround is to not accept the value of the altField option from untrusted sources.
For more information
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery.UI.Combined"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-ui-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41182"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-25T22:06:41Z",
"nvd_published_at": "2021-10-26T15:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAccepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:\n```js\n$( \"#datepicker\" ).datepicker( {\n\taltField: \"\u003cimg onerror=\u0027doEvilThing()\u0027 src=\u0027/404\u0027 /\u003e\",\n} );\n```\nwill call the `doEvilThing` function.\n\n### Patches\nThe issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector.\n\n### Workarounds\nA workaround is to not accept the value of the `altField` option from untrusted sources.\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don\u0027t find an answer, open a new issue.",
"id": "GHSA-9gj3-hwp5-pmwc",
"modified": "2021-10-27T17:00:10Z",
"published": "2021-10-26T14:55:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211118-0004"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2021-41182.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery-ui"
},
{
"type": "WEB",
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XSS in the `altField` option of the Datepicker widget in jquery-ui"
}
fkie_cve-2021-41182
Vulnerability from fkie_nvd
Published
2021-10-26 15:15
Modified
2024-11-21 06:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc | Exploit, Mitigation, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://security.netapp.com/advisory/ntap-20211118-0004/ | Third Party Advisory | |
| security-advisories@github.com | https://www.drupal.org/sa-contrib-2022-004 | Third Party Advisory | |
| security-advisories@github.com | https://www.drupal.org/sa-core-2022-002 | Third Party Advisory | |
| security-advisories@github.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| security-advisories@github.com | https://www.tenable.com/security/tns-2022-09 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211118-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/sa-contrib-2022-004 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.drupal.org/sa-core-2022-002 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-09 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jqueryui | jquery_ui | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| debian | debian_linux | 9.0 | |
| drupal | drupal | * | |
| oracle | communications_interactive_session_recorder | 6.4 | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_operations_monitor | 5.0 | |
| oracle | hospitality_suite8 | * | |
| oracle | hospitality_suite8 | 8.10.2 | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | primavera_unifier | 17.7 | |
| oracle | primavera_unifier | 17.8 | |
| oracle | primavera_unifier | 17.9 | |
| oracle | primavera_unifier | 17.10 | |
| oracle | primavera_unifier | 17.11 | |
| oracle | primavera_unifier | 17.12 | |
| oracle | primavera_unifier | 18.8 | |
| oracle | primavera_unifier | 19.12 | |
| oracle | primavera_unifier | 20.12 | |
| oracle | primavera_unifier | 21.12 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 | |
| tenable | tenable.sc | * | |
| oracle | agile_plm | 9.3.6 | |
| oracle | application_express | * | |
| oracle | banking_platform | 2.9.0 | |
| oracle | banking_platform | 2.12.0 | |
| oracle | big_data_spatial_and_graph | * | |
| oracle | big_data_spatial_and_graph | 23.1 | |
| oracle | communications_interactive_session_recorder | 6.4 | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_operations_monitor | 5.0 | |
| oracle | hospitality_inventory_management | 9.1.0 | |
| oracle | hospitality_materials_control | 18.1 | |
| oracle | hospitality_suite8 | * | |
| oracle | hospitality_suite8 | 8.10.2 | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| oracle | policy_automation | * | |
| oracle | primavera_unifier | * | |
| oracle | primavera_unifier | 18.8 | |
| oracle | primavera_unifier | 19.12 | |
| oracle | primavera_unifier | 20.12 | |
| oracle | primavera_unifier | 21.12 | |
| oracle | rest_data_services | * | |
| oracle | rest_data_services | 22.1.1 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"matchCriteriaId": "EA897736-789A-461C-86F5-E7470E643213",
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "013FAABA-8CDD-46AD-B321-9908634C880A",
"versionEndExcluding": "7.86",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F4B5F0-6B78-4A94-AD83-6B78D484E298",
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC99884C-17AD-4C42-B404-4E862175C1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E5659049-8C12-433D-9CE2-90615122CB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "737A843D-6B2F-4443-85FF-7B72B46A7251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC11D4E-23D3-49CE-A9B1-68477EF8C6F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DFBD39-0511-406D-B972-F3F11976229D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "33157281-11A0-4700-99AB-40B7B9C57A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB9A41F-91F1-40DF-BF12-6ADA7229A84C",
"versionEndExcluding": "5.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B23728-0050-4AF0-B8B0-A959CBAB4505",
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF828F5-C666-40DA-98DD-CDF658D7090B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8865CE15-F9A1-4A46-AF93-B58356BDEE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F4B5F0-6B78-4A94-AD83-6B78D484E298",
"versionEndIncluding": "8.14.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F35B8D-6F26-4682-8541-6F10EE2ACE7E",
"versionEndIncluding": "9.2.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15C83E0F-5FA2-47E5-9FCF-CD2E90D6A9E8",
"versionEndIncluding": "12.2.25",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"matchCriteriaId": "105BF985-2403-455E-BAA1-509245B54A1D",
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
"matchCriteriaId": "281F1ACB-3180-422C-BADF-B0AE5F50924E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
},
{
"lang": "es",
"value": "jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. Antes de la versi\u00f3n 1.13.0, aceptar el valor de la opci\u00f3n \"altField\" del widget Datepicker desde fuentes no confiables puede ejecutar c\u00f3digo no confiable. El problema es corregido en jQuery UI versi\u00f3n 1.13.0. Cualquier valor de cadena pasado a la opci\u00f3n \"altField\" se trata ahora como un selector CSS. Una soluci\u00f3n es no aceptar el valor de la opci\u00f3n \"altField\" de fuentes no confiables"
}
],
"id": "CVE-2021-41182",
"lastModified": "2024-11-21T06:25:41.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-26T15:15:10.313",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-09"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2022:1729-1
Vulnerability from csaf_suse
Published
2022-05-18 14:55
Modified
2022-05-18 14:55
Summary
Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
Notes
Title of the patch
Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
Description of the patch
This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:
Security fixes included on the update:
ardana-barbican:
- Update policies to protect container secret access (SOC-11621)
- Update policies to protect secret metadata access (SOC-11620)
openstack-neutron:
- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).
rubygem-sinatra:
- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).
python-XStatic-jquery-ui:
- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)
- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)
- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)
python-lxml:
- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).
- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).
- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).
- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).
openstack-barbican:
- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).
- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954).
grafana:
- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).
openstack-keystone:
- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).
Non-security fixes included on the update:
Changes in ardana-barbican:
- Update to version 9.0+git.1644879908.8a641c1:
* Update policies to protect container secret access (SOC-11621)
- Update to version 9.0+git.1643052417.9a3348e:
* update policies to protect secret metadata access (SOC-11620)
Changes in grafana:
- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)
* directory traversal vulnerability for .md files
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache
Changes in openstack-barbican:
- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch
and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix
the legacy policy rules for adding a secret to a container and removing
a secret from a container. bsc#1194954,CVE-2022-23452
- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the
legacy policy rules for accessing secret metadata by checking that
the user making the request is authenticated for the project that
owns the secret. bsc#1194952,CVE-2022-23451
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-cinder:
- Update to version cinder-13.0.10.dev24:
* Correct group:reset\_group\_snapshot\_status policy
Changes in openstack-heat-gbp:
- Update to version group-based-policy-automation-14.0.1.dev4:
* Add support for yoga
- Update to version group-based-policy-automation-14.0.1.dev3:
* Python2/3 compatibility fixes
- Update to version group-based-policy-automation-14.0.1.dev2:
* Add support for xena
- Update to version group-based-policy-automation-14.0.1.dev1:
* Remove py27 from gate jobs
14.0.0
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev3:
* Add support for yoga
- Update to version group-based-policy-ui-14.0.1.dev2:
* Python2/3 compatibility changes
- Update to version group-based-policy-ui-14.0.1.dev1:
* Add support for xena
14.0.0
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev18:
* Cleanup stable/rocky legacy jobs
Changes in openstack-keystone:
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-keystone:
- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix
the problem where AccountLocked exception discloses sensitive information.
bsc#1189390,CVE-2021-38155
- Update to version keystone-14.2.1.dev9:
* Delete system role assignments from system\_assignment table
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev33:
* Populate network mtu for erspan
- Update to version group-based-policy-14.0.1.dev32:
* ERSPAN config error when Openstack port is created in a different project than network it belongs to
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev31:
* Python2/3 compatibility fixes
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev29:
* Fix oslo\_i18n usage
- Update to version group-based-policy-14.0.1.dev27:
* Update mechanism\_driver cache
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev26:
* Add support for xena
- Update to version group-based-policy-14.0.1.dev24:
* update\_floatingip\_status\_while\_deleting\_the\_vm
- Update to version group-based-policy-14.0.1.dev22:
* Updating host id by appending pid in existing host id
2014.2.0rc1
- Update to version group-based-policy-14.0.1.dev20:
* Revert 'Add workaround to get\_subnets'
Changes in python-lxml:
- Fix bsc#1179534 (CVE-2020-27783)
mXSS due to the use of improper parser
Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch
- Fix bsc#1118088 (CVE-2018-19787)
lxml/html/clean.py in the lxml.html.clean module does not remove
javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks
Patch file: 0001-CVE-2018-19787.patch
- Fix bsc#1184177 (CVE-2021-28957)
missing input sanitization for formaction HTML5 attributes may lead to XSS
Patch file: 0001-CVE-2021-28957.patch
- Fix bsc#1193752 (CVE-2021-43818)
Cleaner: Remove SVG image data URLs since they can embed script content.
Reported as GHSL-2021-1037 and GHSL-2021-1038
Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch
Changes in openstack-neutron-doc:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev206:
* Wait longer before deleting DPDK vhu trunk bridges
- Update to version neutron-13.0.8.dev205:
* Do no use '--strict' for OF deletion in TRANSIENT\_TABLE
- Update to version neutron-13.0.8.dev203:
* Populate self.floating\_ips\_dict using 'ip rule' information
- Update to version neutron-13.0.8.dev201:
* [Functional] Wait for the initial state of ha router before test
* Don't setup bridge controller if it is already set
- Update to version neutron-13.0.8.dev198:
* Remove dhcp\_extra\_opt name after first newline character
- Update to version neutron-13.0.8.dev196:
* [L3] Use processing queue for network update events
* Add extra logs to the network update callback in L3 agent
- Remove cve-2021-40085-stable-rocky.patch (merged upstream)
- Update to version neutron-13.0.8.dev192:
* Remove dhcp\_extra\_opt value after first newline character
- Update to version neutron-13.0.8.dev190:
* Don't use singleton in routes.middleware.RoutesMiddleware
- Update to version neutron-13.0.8.dev189:
* Fix notify listener syntax for SEGMENT\_HOST\_MAPPING
- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085)
* Remove dhcp_extra_opt value after first newline character
- Update to version neutron-13.0.8.dev188:
* Clean port forwarding cache when router is DOWN
- Update to version neutron-13.0.8.dev186:
* Remove FIP agent's gw port when L3 agent is deleted
- Update to version neutron-13.0.8.dev184:
* Force to close http connection after notify about HA router status
- Update to version neutron-13.0.8.dev183:
* Don't configure dnsmasq entries for 'network' ports
- Update to version neutron-13.0.8.dev181:
* Exclude fallback tunnel devices from netns cleanup
- Update to version neutron-13.0.8.dev180:
* [DVR] Send allowed address pairs info to the L3 agents
* designate: allow PTR zone creation to fail
* Don't try to create default SG when security groups are disabled
- Update to version neutron-13.0.8.dev174:
* Fix update of trunk subports during live migration
- Update to version neutron-13.0.8.dev172:
* [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
- Update to version neutron-13.0.8.dev170:
* Call install\_ingress\_direct\_goto\_flows() when ovs restarts
- Update to version neutron-13.0.8.dev168:
* Fix multicast traffic with IGMP snooping enabled
- Update to version neutron-13.0.8.dev166:
* Fix OVS conjunctive IP flows cleanup
Changes in python-Pillow:
- Add 030-CVE-2022-22817.patch
* From upstream, backported
* Fixes CVE-2022-22817, bsc#1194521
* test from upstream updated for python2
- Add 028-CVE-2022-22815.patch
* From upstream, backported
* Fixes CVE-2022-22815, bsc#1194552
- Add 029-CVE-2022-22816.patch
* From upstream, backported
* Fixes CVE-2022-22816, bsc#1194551
Changes in python-XStatic-jquery-ui:
- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,
CVE-2021-41184, bsc#1192075, CVE-2021-41183)
* Fix XSS in the altField option of the Datepicker widget
(CVE-2021-41182)
* Fix XSS in *Text options of the Datepicker widget
(CVE-2021-41183)
* Fix XSS in the of option of the .position() util
(CVE-2021-41184)
* Drop support for Query 1.7
* Accordion: allow function parameter for selecting header
elements
* Datepicker: add optional onUpdateDatepicker callback
Changes in release-notes-suse-openstack-cloud:
- Update to version 9.20220413:
* Update release notes to indicate support for SES7
- Update to version 9.20220112:
* Add reference to keystone bcrypt issue to known limitations (bsc#1186380)
Changes in rubygem-sinatra:
- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)
Patchnames
SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:\n\nSecurity fixes included on the update:\n\nardana-barbican:\n\n- Update policies to protect container secret access (SOC-11621)\n- Update policies to protect secret metadata access (SOC-11620)\n\nopenstack-neutron:\n\n- CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).\n\nrubygem-sinatra:\n\n- CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).\n\npython-XStatic-jquery-ui:\n\n- CVE-2021-41182: Fixed XSS in the `altField` option of the Datepicker widget (bsc#1192070)\n- CVE-2021-41183: Fixed XSS in the `of` option of the `.position()` util (bsc#1192073)\n- CVE-2021-41184: Fixed XSS in `*Text` options of the Datepicker widget (bsc#1192075)\n\npython-lxml:\n\n- CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).\n- CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).\n- CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).\n- CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).\n\nopenstack-barbican:\n\n- CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).\n- CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project\u0027s containers (bsc#1194954).\n\ngrafana:\n\n- CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).\n\nopenstack-keystone:\n\n- CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).\n\nNon-security fixes included on the update:\n\nChanges in ardana-barbican:\n- Update to version 9.0+git.1644879908.8a641c1:\n * Update policies to protect container secret access (SOC-11621)\n\n- Update to version 9.0+git.1643052417.9a3348e:\n * update policies to protect secret metadata access (SOC-11620)\n\nChanges in grafana:\n- Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813)\n * directory traversal vulnerability for .md files \n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n * Fix Go net/http: limit growth of header canonicalization cache\n\nChanges in openstack-barbican:\n- Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch\n and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix\n the legacy policy rules for adding a secret to a container and removing\n a secret from a container. bsc#1194954,CVE-2022-23452\n\n- Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the\n legacy policy rules for accessing secret metadata by checking that\n the user making the request is authenticated for the project that\n owns the secret. bsc#1194952,CVE-2022-23451\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-cinder:\n- Update to version cinder-13.0.10.dev24:\n * Correct group:reset\\_group\\_snapshot\\_status policy\n\nChanges in openstack-heat-gbp:\n- Update to version group-based-policy-automation-14.0.1.dev4:\n * Add support for yoga\n\n- Update to version group-based-policy-automation-14.0.1.dev3:\n * Python2/3 compatibility fixes\n\n- Update to version group-based-policy-automation-14.0.1.dev2:\n * Add support for xena\n\n- Update to version group-based-policy-automation-14.0.1.dev1:\n * Remove py27 from gate jobs\n 14.0.0\n\nChanges in openstack-horizon-plugin-gbp-ui:\n- Update to version group-based-policy-ui-14.0.1.dev3:\n * Add support for yoga\n\n- Update to version group-based-policy-ui-14.0.1.dev2:\n * Python2/3 compatibility changes\n\n- Update to version group-based-policy-ui-14.0.1.dev1:\n * Add support for xena\n 14.0.0\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-ironic:\n- Update to version ironic-11.1.5.dev18:\n * Cleanup stable/rocky legacy jobs\n\nChanges in openstack-keystone:\n- Update to version keystone-14.2.1.dev9:\n * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-keystone:\n- Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix\n the problem where AccountLocked exception discloses sensitive information.\n bsc#1189390,CVE-2021-38155\n\n- Update to version keystone-14.2.1.dev9:\n * Delete system role assignments from system\\_assignment table\n\nChanges in openstack-neutron-gbp:\n- Update to version group-based-policy-14.0.1.dev33:\n * Populate network mtu for erspan\n\n- Update to version group-based-policy-14.0.1.dev32:\n * ERSPAN config error when Openstack port is created in a different project than network it belongs to\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev31:\n * Python2/3 compatibility fixes\n 2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev29:\n * Fix oslo\\_i18n usage\n\n- Update to version group-based-policy-14.0.1.dev27:\n * Update mechanism\\_driver cache\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev26:\n * Add support for xena\n\n- Update to version group-based-policy-14.0.1.dev24:\n * update\\_floatingip\\_status\\_while\\_deleting\\_the\\_vm\n\n- Update to version group-based-policy-14.0.1.dev22:\n * Updating host id by appending pid in existing host id\n 2014.2.0rc1\n\n- Update to version group-based-policy-14.0.1.dev20:\n * Revert \u0027Add workaround to get\\_subnets\u0027\n\nChanges in python-lxml:\n- Fix bsc#1179534 (CVE-2020-27783)\n mXSS due to the use of improper parser \n Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch\n- Fix bsc#1118088 (CVE-2018-19787)\n lxml/html/clean.py in the lxml.html.clean module does not remove\n javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks\n Patch file: 0001-CVE-2018-19787.patch\n- Fix bsc#1184177 (CVE-2021-28957)\n missing input sanitization for formaction HTML5 attributes may lead to XSS\n Patch file: 0001-CVE-2021-28957.patch\n- Fix bsc#1193752 (CVE-2021-43818)\n Cleaner: Remove SVG image data URLs since they can embed script content.\n Reported as GHSL-2021-1037 and GHSL-2021-1038 \n Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch\n\nChanges in openstack-neutron-doc:\n- Update to version neutron-13.0.8.dev206:\n * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n * [Functional] Wait for the initial state of ha router before test\n * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n * [L3] Use processing queue for network update events\n * Add extra logs to the network update callback in L3 agent\n\n- Update to version neutron-13.0.8.dev192:\n * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Update to version neutron-13.0.8.dev188:\n * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n * [DVR] Send allowed address pairs info to the L3 agents\n * designate: allow PTR zone creation to fail\n * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n * Fix OVS conjunctive IP flows cleanup\n\nChanges in openstack-neutron:\n- Update to version neutron-13.0.8.dev206:\n * Wait longer before deleting DPDK vhu trunk bridges\n\n- Update to version neutron-13.0.8.dev205:\n * Do no use \u0027--strict\u0027 for OF deletion in TRANSIENT\\_TABLE\n\n- Update to version neutron-13.0.8.dev203:\n * Populate self.floating\\_ips\\_dict using \u0027ip rule\u0027 information\n\n- Update to version neutron-13.0.8.dev201:\n * [Functional] Wait for the initial state of ha router before test\n * Don\u0027t setup bridge controller if it is already set\n\n- Update to version neutron-13.0.8.dev198:\n * Remove dhcp\\_extra\\_opt name after first newline character\n\n- Update to version neutron-13.0.8.dev196:\n * [L3] Use processing queue for network update events\n * Add extra logs to the network update callback in L3 agent\n\n- Remove cve-2021-40085-stable-rocky.patch (merged upstream)\n\n- Update to version neutron-13.0.8.dev192:\n * Remove dhcp\\_extra\\_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev190:\n * Don\u0027t use singleton in routes.middleware.RoutesMiddleware\n\n- Update to version neutron-13.0.8.dev189:\n * Fix notify listener syntax for SEGMENT\\_HOST\\_MAPPING\n\n- Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085) \n * Remove dhcp_extra_opt value after first newline character\n\n- Update to version neutron-13.0.8.dev188:\n * Clean port forwarding cache when router is DOWN\n\n- Update to version neutron-13.0.8.dev186:\n * Remove FIP agent\u0027s gw port when L3 agent is deleted\n\n- Update to version neutron-13.0.8.dev184:\n * Force to close http connection after notify about HA router status\n\n- Update to version neutron-13.0.8.dev183:\n * Don\u0027t configure dnsmasq entries for \u0027network\u0027 ports\n\n- Update to version neutron-13.0.8.dev181:\n * Exclude fallback tunnel devices from netns cleanup\n\n- Update to version neutron-13.0.8.dev180:\n * [DVR] Send allowed address pairs info to the L3 agents\n * designate: allow PTR zone creation to fail\n * Don\u0027t try to create default SG when security groups are disabled\n\n- Update to version neutron-13.0.8.dev174:\n * Fix update of trunk subports during live migration\n\n- Update to version neutron-13.0.8.dev172:\n * [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses\n\n- Update to version neutron-13.0.8.dev170:\n * Call install\\_ingress\\_direct\\_goto\\_flows() when ovs restarts\n\n- Update to version neutron-13.0.8.dev168:\n * Fix multicast traffic with IGMP snooping enabled\n\n- Update to version neutron-13.0.8.dev166:\n * Fix OVS conjunctive IP flows cleanup\n\nChanges in python-Pillow:\n- Add 030-CVE-2022-22817.patch\n * From upstream, backported\n * Fixes CVE-2022-22817, bsc#1194521 \n * test from upstream updated for python2\n\n- Add 028-CVE-2022-22815.patch\n * From upstream, backported\n * Fixes CVE-2022-22815, bsc#1194552\n- Add 029-CVE-2022-22816.patch\n * From upstream, backported\n * Fixes CVE-2022-22816, bsc#1194551\n\nChanges in python-XStatic-jquery-ui:\n- Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073,\n CVE-2021-41184, bsc#1192075, CVE-2021-41183)\n * Fix XSS in the altField option of the Datepicker widget \n (CVE-2021-41182)\n * Fix XSS in *Text options of the Datepicker widget\n (CVE-2021-41183)\n * Fix XSS in the of option of the .position() util\n (CVE-2021-41184)\n * Drop support for Query 1.7\n * Accordion: allow function parameter for selecting header\n elements\n * Datepicker: add optional onUpdateDatepicker callback\n\nChanges in release-notes-suse-openstack-cloud:\n- Update to version 9.20220413:\n * Update release notes to indicate support for SES7\n- Update to version 9.20220112:\n * Add reference to keystone bcrypt issue to known limitations (bsc#1186380)\n\nChanges in rubygem-sinatra:\n- Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1729,SUSE-OpenStack-Cloud-9-2022-1729,SUSE-OpenStack-Cloud-Crowbar-9-2022-1729",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1729-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1729-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221729-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1729-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011075.html"
},
{
"category": "self",
"summary": "SUSE Bug 1118088",
"url": "https://bugzilla.suse.com/1118088"
},
{
"category": "self",
"summary": "SUSE Bug 1179534",
"url": "https://bugzilla.suse.com/1179534"
},
{
"category": "self",
"summary": "SUSE Bug 1184177",
"url": "https://bugzilla.suse.com/1184177"
},
{
"category": "self",
"summary": "SUSE Bug 1186380",
"url": "https://bugzilla.suse.com/1186380"
},
{
"category": "self",
"summary": "SUSE Bug 1189390",
"url": "https://bugzilla.suse.com/1189390"
},
{
"category": "self",
"summary": "SUSE Bug 1189794",
"url": "https://bugzilla.suse.com/1189794"
},
{
"category": "self",
"summary": "SUSE Bug 1192070",
"url": "https://bugzilla.suse.com/1192070"
},
{
"category": "self",
"summary": "SUSE Bug 1192073",
"url": "https://bugzilla.suse.com/1192073"
},
{
"category": "self",
"summary": "SUSE Bug 1192075",
"url": "https://bugzilla.suse.com/1192075"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1193688",
"url": "https://bugzilla.suse.com/1193688"
},
{
"category": "self",
"summary": "SUSE Bug 1193752",
"url": "https://bugzilla.suse.com/1193752"
},
{
"category": "self",
"summary": "SUSE Bug 1194521",
"url": "https://bugzilla.suse.com/1194521"
},
{
"category": "self",
"summary": "SUSE Bug 1194551",
"url": "https://bugzilla.suse.com/1194551"
},
{
"category": "self",
"summary": "SUSE Bug 1194552",
"url": "https://bugzilla.suse.com/1194552"
},
{
"category": "self",
"summary": "SUSE Bug 1194952",
"url": "https://bugzilla.suse.com/1194952"
},
{
"category": "self",
"summary": "SUSE Bug 1194954",
"url": "https://bugzilla.suse.com/1194954"
},
{
"category": "self",
"summary": "SUSE Bug 1199138",
"url": "https://bugzilla.suse.com/1199138"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19787 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27783 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28957 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41182 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41183 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41184 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43813 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43818 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22815 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22817 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23451 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23452 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29970/"
}
],
"title": "Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud",
"tracking": {
"current_release_date": "2022-05-18T14:55:52Z",
"generator": {
"date": "2022-05-18T14:55:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1729-1",
"initial_release_date": "2022-05-18T14:55:52Z",
"revision_history": [
{
"date": "2022-05-18T14:55:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.aarch64",
"product": {
"name": "grafana-6.7.4-3.26.1.aarch64",
"product_id": "grafana-6.7.4-3.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.aarch64",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.aarch64",
"product_id": "python-Pillow-5.2.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.aarch64",
"product": {
"name": "python-lxml-4.2.4-3.3.1.aarch64",
"product_id": "python-lxml-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.aarch64",
"product_id": "python-lxml-devel-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.aarch64",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.aarch64",
"product_id": "python3-Pillow-5.2.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.aarch64",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.aarch64",
"product_id": "python3-lxml-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.aarch64",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"product": {
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"product_id": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-test-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"product_id": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-test-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"product_id": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product_id": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch",
"product_id": "openstack-heat-gbp-test-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch",
"product_id": "openstack-ironic-test-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"product_id": "openstack-keystone-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch",
"product_id": "openstack-keystone-test-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product_id": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch",
"product_id": "openstack-neutron-gbp-test-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch",
"product_id": "openstack-neutron-test-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product_id": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"product": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"product_id": "python-barbican-7.0.1~dev24-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"product": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"product_id": "python-cinder-13.0.10~dev24-3.34.2.noarch"
}
},
{
"category": "product_version",
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"product_id": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"product_id": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"product": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"product_id": "python-ironic-11.1.5~dev18-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"product": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"product_id": "python-keystone-14.2.1~dev9-3.28.2.noarch"
}
},
{
"category": "product_version",
"name": "python-lxml-doc-4.2.4-3.3.1.noarch",
"product": {
"name": "python-lxml-doc-4.2.4-3.3.1.noarch",
"product_id": "python-lxml-doc-4.2.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"product": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"product_id": "python-neutron-13.0.8~dev206-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"product_id": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product": {
"name": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"product_id": "python3-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
"product": {
"name": "python3-lxml-doc-4.2.4-3.3.1.noarch",
"product_id": "python3-lxml-doc-4.2.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"product": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"product_id": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"product": {
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"product_id": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"product": {
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"product_id": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"product": {
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"product_id": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"product": {
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"product_id": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"product_id": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"product": {
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"product_id": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"product": {
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"product_id": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"product": {
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"product_id": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"product": {
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"product_id": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"product": {
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"product_id": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"product": {
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"product_id": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"product": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"product_id": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"product": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"product_id": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"product": {
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"product_id": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"product": {
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"product_id": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"product": {
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"product_id": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.ppc64le",
"product": {
"name": "grafana-6.7.4-3.26.1.ppc64le",
"product_id": "grafana-6.7.4-3.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.ppc64le",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.ppc64le",
"product_id": "python-Pillow-5.2.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python-lxml-4.2.4-3.3.1.ppc64le",
"product_id": "python-lxml-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.ppc64le",
"product_id": "python-lxml-devel-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.ppc64le",
"product_id": "python3-Pillow-5.2.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.ppc64le",
"product_id": "python3-lxml-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.ppc64le",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.s390x",
"product": {
"name": "grafana-6.7.4-3.26.1.s390x",
"product_id": "grafana-6.7.4-3.26.1.s390x"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.s390x",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.s390x",
"product_id": "python-Pillow-5.2.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.s390x",
"product": {
"name": "python-lxml-4.2.4-3.3.1.s390x",
"product_id": "python-lxml-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.s390x",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.s390x",
"product_id": "python-lxml-devel-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.s390x",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.s390x",
"product_id": "python3-Pillow-5.2.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.s390x",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.s390x",
"product_id": "python3-lxml-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.s390x",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-3.26.1.x86_64",
"product": {
"name": "grafana-6.7.4-3.26.1.x86_64",
"product_id": "grafana-6.7.4-3.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.17.1.x86_64",
"product": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64",
"product_id": "python-Pillow-5.2.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-lxml-4.2.4-3.3.1.x86_64",
"product": {
"name": "python-lxml-4.2.4-3.3.1.x86_64",
"product_id": "python-lxml-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
"product": {
"name": "python-lxml-devel-4.2.4-3.3.1.x86_64",
"product_id": "python-lxml-devel-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.17.1.x86_64",
"product": {
"name": "python3-Pillow-5.2.0-3.17.1.x86_64",
"product_id": "python3-Pillow-5.2.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-lxml-4.2.4-3.3.1.x86_64",
"product": {
"name": "python3-lxml-4.2.4-3.3.1.x86_64",
"product_id": "python3-lxml-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
"product": {
"name": "python3-lxml-devel-4.2.4-3.3.1.x86_64",
"product_id": "python3-lxml-devel-4.2.4-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-doc-1.4.6-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64",
"product_id": "ruby2.1-rubygem-sinatra-testsuite-1.4.6-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch"
},
"product_reference": "ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.26.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
},
"product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64"
},
"product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
},
"product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch"
},
"product_reference": "venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch"
},
"product_reference": "venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch"
},
"product_reference": "venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch"
},
"product_reference": "venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch"
},
"product_reference": "venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch"
},
"product_reference": "venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch"
},
"product_reference": "venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch"
},
"product_reference": "venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch"
},
"product_reference": "venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch"
},
"product_reference": "venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch"
},
"product_reference": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch"
},
"product_reference": "venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch"
},
"product_reference": "venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch"
},
"product_reference": "venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch"
},
"product_reference": "venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.26.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.26.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.17.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch"
},
"product_reference": "python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-barbican-7.0.1~dev24-3.14.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch"
},
"product_reference": "python-barbican-7.0.1~dev24-3.14.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-13.0.10~dev24-3.34.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch"
},
"product_reference": "python-cinder-13.0.10~dev24-3.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch"
},
"product_reference": "python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ironic-11.1.5~dev18-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch"
},
"product_reference": "python-ironic-11.1.5~dev18-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-14.2.1~dev9-3.28.2.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch"
},
"product_reference": "python-keystone-14.2.1~dev9-3.28.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-lxml-4.2.4-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64"
},
"product_reference": "python-lxml-4.2.4-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-13.0.8~dev206-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch"
},
"product_reference": "python-neutron-13.0.8~dev206-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch"
},
"product_reference": "release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19787"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19787",
"url": "https://www.suse.com/security/cve/CVE-2018-19787"
},
{
"category": "external",
"summary": "SUSE Bug 1118088 for CVE-2018-19787",
"url": "https://bugzilla.suse.com/1118088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2018-19787"
},
{
"cve": "CVE-2020-27783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27783"
}
],
"notes": [
{
"category": "general",
"text": "A XSS vulnerability was discovered in python-lxml\u0027s clean module. The module\u0027s parser didn\u0027t properly imitate browsers, which caused different behaviors between the sanitizer and the user\u0027s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27783",
"url": "https://www.suse.com/security/cve/CVE-2020-27783"
},
{
"category": "external",
"summary": "SUSE Bug 1179534 for CVE-2020-27783",
"url": "https://bugzilla.suse.com/1179534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2020-27783"
},
{
"cve": "CVE-2021-28957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28957"
}
],
"notes": [
{
"category": "general",
"text": "An XSS vulnerability was discovered in python-lxml\u0027s clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28957",
"url": "https://www.suse.com/security/cve/CVE-2021-28957"
},
{
"category": "external",
"summary": "SUSE Bug 1184177 for CVE-2021-28957",
"url": "https://bugzilla.suse.com/1184177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-28957"
},
{
"cve": "CVE-2021-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38155"
}
],
"notes": [
{
"category": "general",
"text": "OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account\u0027s corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38155",
"url": "https://www.suse.com/security/cve/CVE-2021-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1189390 for CVE-2021-38155",
"url": "https://bugzilla.suse.com/1189390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-38155"
},
{
"cve": "CVE-2021-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40085"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40085",
"url": "https://www.suse.com/security/cve/CVE-2021-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1189794 for CVE-2021-40085",
"url": "https://bugzilla.suse.com/1189794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-40085"
},
{
"cve": "CVE-2021-41182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41182"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41182",
"url": "https://www.suse.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "SUSE Bug 1192070 for CVE-2021-41182",
"url": "https://bugzilla.suse.com/1192070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41183"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41183",
"url": "https://www.suse.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "SUSE Bug 1192075 for CVE-2021-41183",
"url": "https://bugzilla.suse.com/1192075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41184"
}
],
"notes": [
{
"category": "general",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41184",
"url": "https://www.suse.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "SUSE Bug 1192073 for CVE-2021-41184",
"url": "https://bugzilla.suse.com/1192073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-43813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43813"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://www.suse.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "external",
"summary": "SUSE Bug 1193688 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-43813"
},
{
"cve": "CVE-2021-43818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43818"
}
],
"notes": [
{
"category": "general",
"text": "lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43818",
"url": "https://www.suse.com/security/cve/CVE-2021-43818"
},
{
"category": "external",
"summary": "SUSE Bug 1193752 for CVE-2021-43818",
"url": "https://bugzilla.suse.com/1193752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2021-43818"
},
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2022-22815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22815"
}
],
"notes": [
{
"category": "general",
"text": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22815",
"url": "https://www.suse.com/security/cve/CVE-2022-22815"
},
{
"category": "external",
"summary": "SUSE Bug 1194552 for CVE-2022-22815",
"url": "https://bugzilla.suse.com/1194552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "low"
}
],
"title": "CVE-2022-22815"
},
{
"cve": "CVE-2022-22816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22816"
}
],
"notes": [
{
"category": "general",
"text": "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22816",
"url": "https://www.suse.com/security/cve/CVE-2022-22816"
},
{
"category": "external",
"summary": "SUSE Bug 1194551 for CVE-2022-22816",
"url": "https://bugzilla.suse.com/1194551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "low"
}
],
"title": "CVE-2022-22816"
},
{
"cve": "CVE-2022-22817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22817"
}
],
"notes": [
{
"category": "general",
"text": "PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22817",
"url": "https://www.suse.com/security/cve/CVE-2022-22817"
},
{
"category": "external",
"summary": "SUSE Bug 1194521 for CVE-2022-22817",
"url": "https://bugzilla.suse.com/1194521"
},
{
"category": "external",
"summary": "SUSE Bug 1219048 for CVE-2022-22817",
"url": "https://bugzilla.suse.com/1219048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-22817"
},
{
"cve": "CVE-2022-23451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23451"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23451",
"url": "https://www.suse.com/security/cve/CVE-2022-23451"
},
{
"category": "external",
"summary": "SUSE Bug 1194952 for CVE-2022-23451",
"url": "https://bugzilla.suse.com/1194952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-23451"
},
{
"cve": "CVE-2022-23452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23452"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23452",
"url": "https://www.suse.com/security/cve/CVE-2022-23452"
},
{
"category": "external",
"summary": "SUSE Bug 1194954 for CVE-2022-23452",
"url": "https://bugzilla.suse.com/1194954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "moderate"
}
],
"title": "CVE-2022-23452"
},
{
"cve": "CVE-2022-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29970"
}
],
"notes": [
{
"category": "general",
"text": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29970",
"url": "https://www.suse.com/security/cve/CVE-2022-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1199138 for CVE-2022-29970",
"url": "https://bugzilla.suse.com/1199138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.26.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-api-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-retry-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-barbican-worker-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-api-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-backup-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-scheduler-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-cinder-volume-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-api-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-ironic-conductor-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-ha-tool-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-l3-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-metering-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-server-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.17.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-XStatic-jquery-ui-1.13.0.1-4.3.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-barbican-7.0.1~dev24-3.14.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-cinder-13.0.10~dev24-3.34.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-heat-gbp-14.0.1~dev4-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-ironic-11.1.5~dev18-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-keystone-14.2.1~dev9-3.28.2.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-lxml-4.2.4-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-13.0.8~dev206-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev33-3.31.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:release-notes-suse-openstack-cloud-9.20220413-3.30.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-sinatra-1.4.6-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:55:52Z",
"details": "important"
}
],
"title": "CVE-2022-29970"
}
]
}
rhsa-2022:4711
Vulnerability from csaf_redhat
Published
2022-05-26 16:25
Modified
2025-08-03 03:15
Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util (CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nA list of bugs fixed in this update is available in the Technical Notes book:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4711",
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
},
{
"category": "external",
"summary": "655153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655153"
},
{
"category": "external",
"summary": "977778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977778"
},
{
"category": "external",
"summary": "1624015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624015"
},
{
"category": "external",
"summary": "1648985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648985"
},
{
"category": "external",
"summary": "1667517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667517"
},
{
"category": "external",
"summary": "1687845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687845"
},
{
"category": "external",
"summary": "1781241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781241"
},
{
"category": "external",
"summary": "1782056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782056"
},
{
"category": "external",
"summary": "1849169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849169"
},
{
"category": "external",
"summary": "1878930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878930"
},
{
"category": "external",
"summary": "1922977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922977"
},
{
"category": "external",
"summary": "1926625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926625"
},
{
"category": "external",
"summary": "1927985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927985"
},
{
"category": "external",
"summary": "1944290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944290"
},
{
"category": "external",
"summary": "1944834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944834"
},
{
"category": "external",
"summary": "1956295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956295"
},
{
"category": "external",
"summary": "1959186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959186"
},
{
"category": "external",
"summary": "1964208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964208"
},
{
"category": "external",
"summary": "1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "1971622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971622"
},
{
"category": "external",
"summary": "1974741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974741"
},
{
"category": "external",
"summary": "1979441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979441"
},
{
"category": "external",
"summary": "1979797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979797"
},
{
"category": "external",
"summary": "1980192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980192"
},
{
"category": "external",
"summary": "1986726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986726"
},
{
"category": "external",
"summary": "1986834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986834"
},
{
"category": "external",
"summary": "1987121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987121"
},
{
"category": "external",
"summary": "1988496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988496"
},
{
"category": "external",
"summary": "1990462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990462"
},
{
"category": "external",
"summary": "1991240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991240"
},
{
"category": "external",
"summary": "1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "1996123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996123"
},
{
"category": "external",
"summary": "1998255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998255"
},
{
"category": "external",
"summary": "1999698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999698"
},
{
"category": "external",
"summary": "2000031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000031"
},
{
"category": "external",
"summary": "2002283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002283"
},
{
"category": "external",
"summary": "2003883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003883"
},
{
"category": "external",
"summary": "2003996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003996"
},
{
"category": "external",
"summary": "2006602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006602"
},
{
"category": "external",
"summary": "2006745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006745"
},
{
"category": "external",
"summary": "2007384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007384"
},
{
"category": "external",
"summary": "2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "2008798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008798"
},
{
"category": "external",
"summary": "2010203",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010203"
},
{
"category": "external",
"summary": "2010903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010903"
},
{
"category": "external",
"summary": "2013928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013928"
},
{
"category": "external",
"summary": "2014888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014888"
},
{
"category": "external",
"summary": "2015796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015796"
},
{
"category": "external",
"summary": "2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "2021217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021217"
},
{
"category": "external",
"summary": "2023250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023250"
},
{
"category": "external",
"summary": "2023786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023786"
},
{
"category": "external",
"summary": "2024202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024202"
},
{
"category": "external",
"summary": "2025936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025936"
},
{
"category": "external",
"summary": "2030596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030596"
},
{
"category": "external",
"summary": "2030663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030663"
},
{
"category": "external",
"summary": "2031027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031027"
},
{
"category": "external",
"summary": "2035051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035051"
},
{
"category": "external",
"summary": "2037115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037115"
},
{
"category": "external",
"summary": "2037121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037121"
},
{
"category": "external",
"summary": "2040361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040361"
},
{
"category": "external",
"summary": "2040402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040402"
},
{
"category": "external",
"summary": "2040474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040474"
},
{
"category": "external",
"summary": "2041544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041544"
},
{
"category": "external",
"summary": "2043146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043146"
},
{
"category": "external",
"summary": "2044273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044273"
},
{
"category": "external",
"summary": "2048546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048546"
},
{
"category": "external",
"summary": "2050566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050566"
},
{
"category": "external",
"summary": "2050614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050614"
},
{
"category": "external",
"summary": "2051857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051857"
},
{
"category": "external",
"summary": "2052557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052557"
},
{
"category": "external",
"summary": "2052690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052690"
},
{
"category": "external",
"summary": "2054756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054756"
},
{
"category": "external",
"summary": "2055136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055136"
},
{
"category": "external",
"summary": "2056021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056021"
},
{
"category": "external",
"summary": "2056052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056052"
},
{
"category": "external",
"summary": "2056126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056126"
},
{
"category": "external",
"summary": "2058264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058264"
},
{
"category": "external",
"summary": "2059521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059521"
},
{
"category": "external",
"summary": "2059877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059877"
},
{
"category": "external",
"summary": "2061904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061904"
},
{
"category": "external",
"summary": "2065052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065052"
},
{
"category": "external",
"summary": "2066084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066084"
},
{
"category": "external",
"summary": "2066283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066283"
},
{
"category": "external",
"summary": "2069972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069972"
},
{
"category": "external",
"summary": "2070156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070156"
},
{
"category": "external",
"summary": "2071468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071468"
},
{
"category": "external",
"summary": "2072637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072637"
},
{
"category": "external",
"summary": "2072639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072639"
},
{
"category": "external",
"summary": "2072641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072641"
},
{
"category": "external",
"summary": "2072642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072642"
},
{
"category": "external",
"summary": "2072645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072645"
},
{
"category": "external",
"summary": "2072646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072646"
},
{
"category": "external",
"summary": "2075352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075352"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4711.json"
}
],
"title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
"tracking": {
"current_release_date": "2025-08-03T03:15:30+00:00",
"generator": {
"date": "2025-08-03T03:15:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2022:4711",
"initial_release_date": "2022-05-26T16:25:03+00:00",
"revision_history": [
{
"date": "2022-05-26T16:25:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-26T16:25:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T03:15:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_id": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.13-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_id": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_id": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-sshd-javadoc@2.8.0-0.1.el8ev?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_id": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-setup-plugins@4.5.0-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_id": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.11-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.8.1-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_id": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.6.0-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_id": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-ansible-runner@2.1.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_id": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.5.0.7-0.9.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_id": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python38-docutils@0.14-12.4.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-runner-0:2.1.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src"
},
"product_reference": "ansible-runner-0:2.1.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-1:2.8.0-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src"
},
"product_reference": "apache-sshd-1:2.8.0-0.1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch"
},
"product_reference": "apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src"
},
"product_reference": "engine-db-query-0:1.6.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src"
},
"product_reference": "ovirt-dependencies-0:4.5.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src"
},
"product_reference": "ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.8.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.8.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch"
},
"product_reference": "python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-docutils-0:0.14-12.4.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch"
},
"product_reference": "python38-docutils-0:0.14-12.4.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.5.0.7-0.9.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
},
"product_reference": "rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src"
},
"product_reference": "rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src"
},
"product_reference": "rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2007557"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "RHBZ#2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
"url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
},
{
"cve": "CVE-2021-23425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-trim-off-newlines: ReDoS via string processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Directory Server 11 Web UI requires trim-off-newlines as a dependency, but it is not used in the 389-ds cockpit plugin, and not shipped as part of the RPM binary. Thus Red Hat Directory Server 11 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23425"
},
{
"category": "external",
"summary": "RHBZ#1995793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23425"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850",
"url": "https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850"
}
],
"release_date": "2021-05-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-trim-off-newlines: ReDoS via string processing"
},
{
"cve": "CVE-2021-33502",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1964461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-normalize-url: ReDoS for data URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33502"
},
{
"category": "external",
"summary": "RHBZ#1964461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
"url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-normalize-url: ReDoS for data URLs"
},
{
"cve": "CVE-2021-41182",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019144"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the altField option of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41182"
},
{
"category": "external",
"summary": "RHBZ#2019144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the altField option of the datepicker widget"
},
{
"cve": "CVE-2021-41183",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019148"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in *Text options of the datepicker widget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41183"
},
{
"category": "external",
"summary": "RHBZ#2019148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in *Text options of the datepicker widget"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-10-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019153"
}
],
"notes": [
{
"category": "description",
"text": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41184"
},
{
"category": "external",
"summary": "RHBZ#2019153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
}
],
"release_date": "2021-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-26T16:25:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4711"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ansible-runner-0:2.1.3-1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:apache-sshd-1:2.8.0-0.1.el8ev.src",
"8Base-RHV-S-4.4:apache-sshd-javadoc-1:2.8.0-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.0.7-0.9.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.6.0-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.8.1-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:python38-ansible-runner-0:2.1.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:python38-docutils-0:0.14-12.4.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.13-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.0.7-0.9.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.11-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-setup-plugins-0:4.5.0-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.1-2.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.1-2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery-ui: XSS in the \u0027of\u0027 option of the .position() util"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…