CVE-2023-49568 - Vulnerability Details

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Go-git Project	Go-git
Redhat	Acm Advanced Cluster Security Ceph Storage Multicluster Globalhub Openshift Openshift Builds Openshift Gitops Openshift Serverless Serverless

Configuration 1 [-]

cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*

Package	CPE	Advisory	Released Date
multicluster-globalhub 1.0 for RHEL 8
multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4	cpe:/a:redhat:multicluster_globalhub:1.0::el8	RHSA-2024:0989	2024-02-26T00:00:00Z
OPENSHIFT-BUILDS-1.0-RHEL-8
openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-operator-bundle:v1.0.1-11	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4	cpe:/a:redhat:openshift_builds:1.0::el8	RHSA-2024:1557	2024-03-28T00:00:00Z
Openshift Serverless 1 on RHEL 8
openshift-serverless-clients-0:1.10.0-6.el8	cpe:/a:redhat:serverless:1.0::el8	RHSA-2024:0880	2024-02-20T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8
rhacm2/acm-governance-policy-addon-controller-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-governance-policy-framework-addon-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-grafana-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-must-gather-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-operator-bundle:v2.7.11-14	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-prometheus-config-reloader-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-prometheus-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-search-indexer-rhel8:v2.7.11-4	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-search-v2-api-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-search-v2-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/acm-volsync-addon-controller-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/cert-policy-controller-rhel8:v2.7.11-7	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/cluster-backup-rhel8-operator:v2.7.11-10	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/config-policy-controller-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/console-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/endpoint-monitoring-rhel8-operator:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/governance-policy-propagator-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/grafana-dashboard-loader-rhel8:v2.7.11-4	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/iam-policy-controller-rhel8:v2.7.11-7	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/insights-client-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/insights-metrics-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/klusterlet-addon-controller-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/kube-rbac-proxy-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/kube-state-metrics-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/memcached-exporter-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/memcached-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/metrics-collector-rhel8:v2.7.11-4	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/multicloud-integrations-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/multiclusterhub-rhel8:v2.7.11-7	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/multicluster-observability-rhel8-operator:v2.7.11-4	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/multicluster-operators-application-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/multicluster-operators-channel-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/multicluster-operators-subscription-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/node-exporter-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/observatorium-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/observatorium-rhel8-operator:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/prometheus-alertmanager-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/prometheus-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/rbac-query-proxy-rhel8:v2.7.11-4	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/search-collector-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/submariner-addon-rhel8:v2.7.11-7	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/thanos-receive-controller-rhel8:v2.7.11-5	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
rhacm2/thanos-rhel8:v2.7.11-6	cpe:/a:redhat:acm:2.7::el8	RHSA-2024:0729	2024-02-07T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8
rhacm2/multicluster-operators-subscription-rhel8:v2.8.5-6	cpe:/a:redhat:acm:2.8::el8	RHSA-2024:0820	2024-02-14T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8
rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2	cpe:/a:redhat:acm:2.9::el8	RHSA-2024:0298	2024-01-18T00:00:00Z
Red Hat Advanced Cluster Security 4.4
advanced-cluster-security/rhacs-central-db-rhel8:4.4.0-9	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.4.0-17	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.4.0-9	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.4.0-9	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.0-11	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.0-2	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-scanner-rhel8:4.4.0-11	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.0-11	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2024:1570	2024-03-28T00:00:00Z
Red Hat Ceph Storage 7.1
ceph-2:18.2.1-194.el8cp	cpe:/a:redhat:ceph_storage:7.1::el8	RHSA-2024:3925	2024-06-14T00:00:00Z
Red Hat OpenShift Container Platform 4.12
openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:0832	2024-02-21T00:00:00Z
openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:0832	2024-02-21T00:00:00Z
openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:0832	2024-02-21T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:0833	2024-02-21T00:00:00Z
openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:0833	2024-02-21T00:00:00Z
redhat/redhat-operator-index:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:0833	2024-02-21T00:00:00Z
openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:1052	2024-03-06T00:00:00Z
openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8	cpe:/a:redhat:openshift:4.12::el8	RHSA-2024:1896	2024-04-25T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0740	2024-02-14T00:00:00Z
openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0740	2024-02-14T00:00:00Z
openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0740	2024-02-14T00:00:00Z
openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0741	2024-02-14T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0845	2024-02-21T00:00:00Z
openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:0845	2024-02-21T00:00:00Z
openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2024:2047	2024-05-02T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0641	2024-02-07T00:00:00Z
openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0641	2024-02-07T00:00:00Z
openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0641	2024-02-07T00:00:00Z
openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0642	2024-02-07T00:00:00Z
openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0642	2024-02-07T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0642	2024-02-07T00:00:00Z
openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0642	2024-02-07T00:00:00Z
redhat/redhat-operator-index:v4.14.0-202402010409.p0.gb831504.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0642	2024-02-07T00:00:00Z
openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0735	2024-02-13T00:00:00Z
openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:1891	2024-04-26T00:00:00Z
openshift4/ose-tools-rhel8:v4.14.0-202406180839.p0.gaa6e2f2.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:4010	2024-06-26T00:00:00Z
Red Hat OpenShift Container Platform 4.15
openshift4/ose-tools-rhel8:v4.15.0-202406101406.p0.g44edfb5.assembly.stream.el8	cpe:/a:redhat:openshift:4.15::el8	RHSA-2024:3889	2024-06-18T00:00:00Z
openshift4/oc-mirror-plugin-rhel9:v4.15.0-202404161612.p0.g85c8f6f.assembly.stream.el9	cpe:/a:redhat:openshift:4.15::el9	RHSA-2024:1887	2024-04-25T00:00:00Z
Red Hat OpenShift GitOps 1.10
openshift-gitops-1/argocd-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.10.2-2	cpe:/a:redhat:openshift_gitops:1.10::el8	RHSA-2024:0692	2024-02-05T00:00:00Z
Red Hat OpenShift GitOps 1.9
openshift-gitops-1/argocd-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.9.4-1	cpe:/a:redhat:openshift_gitops:1.9::el9	RHSA-2024:0691	2024-02-05T00:00:00Z
RHOSS-1.31-RHEL-8
openshift-serverless-1/client-kn-rhel8:1.10.0-5	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-controller-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/func-utils-rhel8:1.31.1-2	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/ingress-rhel8-operator:1.31.1-2	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/knative-rhel8-operator:1.31.1-2	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/kourier-control-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serverless-operator-bundle:1.31.1-1	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serverless-rhel8-operator:1.31.1-2	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-activator-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-controller-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-queue-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/serving-webhook-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4	cpe:/a:redhat:openshift_serverless:1.31::el8	RHSA-2024:0843	2024-02-15T00:00:00Z

References

Link	Providers
https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
https://nvd.nist.gov/vuln/detail/CVE-2023-49568
https://www.cve.org/CVERecord?id=CVE-2023-49568

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2024-01-12T10:36:12.727Z

Updated: 2024-08-02T22:01:25.669Z

Reserved: 2023-11-27T14:21:51.157Z

Link: CVE-2023-49568

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-12T11:15:12.680

Modified: 2024-11-21T08:33:34.447

Link: CVE-2023-49568

Redhat

Severity : Important

Publid Date: 2023-12-24T00:00:00Z

Links: CVE-2023-49568 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49568", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2023-11-27T14:21:51.157Z", "datePublished": "2024-01-12T10:36:12.727Z", "dateUpdated": "2024-08-02T22:01:25.669Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "go-git", "vendor": "go-git", "versions": [{"status": "affected", "version": "5.11.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ionu\u021b Lalu"}], "datePublic": "2024-01-12T10:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to <code>v5.11</code>. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in <code>go-git</code> clients.Applications using only the in-memory filesystem supported by <code>go-git</code> are not affected by this vulnerability. This is a <code>go-git</code> implementation issue and does not affect the upstream <code>git</code> cli. "}], "value": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\n\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2024-01-12T10:36:12.727Z"}, "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An upgrade to v. 5.11 fixes this issue "}], "value": "An upgrade to v. 5.11 fixes this issue\n"}], "source": {"advisory": "GHSA-mw99-9chc-xw7r", "discovery": "EXTERNAL"}, "title": "Maliciously crafted Git server replies can cause DoS on go-git clients", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.669Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*", "matchCriteriaId": "61C9245F-61A4-4756-83B1-13CE56E28FF0", "versionEndExcluding": "5.11.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\n\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en versiones de go-git anteriores a la v5.11. Esta vulnerabilidad permite a un atacante realizar ataques de denegaci\u00f3n de servicio proporcionando respuestas especialmente manipuladas desde un servidor Git que provoca el agotamiento de los recursos en los clientes go-git. Las aplicaciones que utilizan \u00fanicamente el sistema de archivos en memoria compatible con go-git no se ven afectadas por esta vulnerabilidad. Este es un problema de implementaci\u00f3n de go-git y no afecta el cli de git ascendente."}], "id": "CVE-2023-49568", "lastModified": "2024-11-21T08:33:34.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T11:15:12.680", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0989", "cpe": "cpe:/a:redhat:multicluster_globalhub:1.0::el8", "package": "multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4", "product_name": "multicluster-globalhub 1.0 for RHEL 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-operator-bundle:v1.0.1-11", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1557", "cpe": "cpe:/a:redhat:openshift_builds:1.0::el8", "package": "openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4", "product_name": "OPENSHIFT-BUILDS-1.0-RHEL-8", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:0880", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.10.0-6.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2024-02-20T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-governance-policy-addon-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-governance-policy-framework-addon-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-grafana-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-must-gather-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-operator-bundle:v2.7.11-14", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-prometheus-config-reloader-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-prometheus-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-indexer-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-v2-api-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-search-v2-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/acm-volsync-addon-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/cert-policy-controller-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/cluster-backup-rhel8-operator:v2.7.11-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/config-policy-controller-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/console-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/endpoint-monitoring-rhel8-operator:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/governance-policy-propagator-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/grafana-dashboard-loader-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/iam-policy-controller-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/insights-client-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/insights-metrics-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/klusterlet-addon-controller-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/kube-rbac-proxy-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/kube-state-metrics-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/memcached-exporter-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/memcached-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/metrics-collector-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicloud-integrations-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multiclusterhub-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-observability-rhel8-operator:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-application-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-channel-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/node-exporter-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/observatorium-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/observatorium-rhel8-operator:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/prometheus-alertmanager-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/prometheus-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/rbac-query-proxy-rhel8:v2.7.11-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/search-collector-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/submariner-addon-rhel8:v2.7.11-7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/thanos-receive-controller-rhel8:v2.7.11-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0729", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/thanos-rhel8:v2.7.11-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0820", "cpe": "cpe:/a:redhat:acm:2.8::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.8.5-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0298", "cpe": "cpe:/a:redhat:acm:2.9::el8", "package": "rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.4.0-9", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.4.0-17", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.4.0-9", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.4.0-9", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.4.0-11", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.4.0-2", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.4.0-11", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:1570", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.4.0-11", "product_name": "Red Hat Advanced Cluster Security 4.4", "release_date": "2024-03-28T00:00:00Z"}, {"advisory": "RHSA-2024:3925", "cpe": "cpe:/a:redhat:ceph_storage:7.1::el8", "package": "ceph-2:18.2.1-194.el8cp", "product_name": "Red Hat Ceph Storage 7.1", "release_date": "2024-06-14T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0832", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0833", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "redhat/redhat-operator-index:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:1052", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1896", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-04-25T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0740", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0741", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-14T00:00:00Z"}, {"advisory": "RHSA-2024:0845", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0845", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:2047", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-02T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0641", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0642", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "redhat/redhat-operator-index:v4.14.0-202402010409.p0.gb831504.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0735", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1891", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-04-26T00:00:00Z"}, {"advisory": "RHSA-2024:4010", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-tools-rhel8:v4.14.0-202406180839.p0.gaa6e2f2.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:3889", "cpe": "cpe:/a:redhat:openshift:4.15::el8", "package": "openshift4/ose-tools-rhel8:v4.15.0-202406101406.p0.g44edfb5.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-06-18T00:00:00Z"}, {"advisory": "RHSA-2024:1887", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/oc-mirror-plugin-rhel9:v4.15.0-202404161612.p0.g85c8f6f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-04-25T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/console-plugin-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/dex-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0692", "cpe": "cpe:/a:redhat:openshift_gitops:1.10::el8", "package": "openshift-gitops-1/must-gather-rhel8:v1.10.2-2", "product_name": "Red Hat OpenShift GitOps 1.10", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/argocd-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/argo-rollouts-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/console-plugin-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/dex-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/gitops-operator-bundle:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/gitops-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0691", "cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9", "package": "openshift-gitops-1/must-gather-rhel8:v1.9.4-1", "product_name": "Red Hat OpenShift GitOps 1.9", "release_date": "2024-02-05T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.31.1-1", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}, {"advisory": "RHSA-2024:0843", "cpe": "cpe:/a:redhat:openshift_serverless:1.31::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4", "product_name": "RHOSS-1.31-RHEL-8", "release_date": "2024-02-15T00:00:00Z"}], "bugzilla": {"description": "go-git: Maliciously crafted Git server replies can cause DoS on go-git clients", "id": "2258165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258165"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.", "A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients."], "mitigation": {"lang": "en:us", "value": "In cases where a bump to the latest version of go-git is not possible, a recommendation to reduce the exposure of this threat is limiting its use to only trust-worthy Git servers."}, "name": "CVE-2023-49568", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "hub-of-hubs-gitops", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-engine", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "multicluster-engine-assisted-installer-reporter", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "multicluster-engine-assisted-service", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "multicluster-globalhub-grafana", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/cluster-curator-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/clusterlifecycle-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-operators-subscription-release-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/openshift-hive-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli-artifacts", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-cli-artifacts-alt-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-deployer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-api-server-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-artifact-manager-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-cache-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-persistenceagent-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-ml-pipelines-viewercontroller-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Not affected", "package_name": "devspaces/devspaces-rhel8-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/cluster-network-addons-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8-tech-preview/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2023-12-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49568\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49568\nhttps://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r"], "statement": "This problem only affects the go implementation and not the original git cli code. Applications using only in-memory filesystems are not affected by this issue. Clients should be limited to connect to only trusted git servers to reduce the risk of compromise.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object