{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32314", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-08T13:26:03.878Z", "datePublished": "2023-05-15T19:46:32.834Z", "dateUpdated": "2025-01-22T21:42:31.793Z"}, "containers": {"cna": {"title": "Sandbox Escape", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"}, {"name": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", "tags": ["x_refsource_MISC"], "url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf"}, {"name": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", "tags": ["x_refsource_MISC"], "url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac"}, {"name": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", "tags": ["x_refsource_MISC"], "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18"}], "affected": [{"vendor": "patriksimek", "product": "vm2", "versions": [{"version": "< 3.9.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-15T19:46:32.834Z"}, "descriptions": [{"lang": "en", "value": "vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-whpj-8f3w-67p5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.942Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"}, {"name": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf"}, {"name": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac"}, {"name": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-22T21:42:22.147436Z", "id": "CVE-2023-32314", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T21:42:31.793Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", "name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", "name": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", "name": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", "name": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.942Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32314", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-22T21:42:22.147436Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T21:42:01.174Z"}}], "cna": {"title": "Sandbox Escape", "source": {"advisory": "GHSA-whpj-8f3w-67p5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "patriksimek", "product": "vm2", "versions": [{"status": "affected", "version": "< 3.9.18"}]}], "references": [{"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", "name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", "name": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", "tags": ["x_refsource_MISC"]}, {"url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", "name": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", "name": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-15T19:46:32.834Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32314", "state": "PUBLISHED", "dateUpdated": "2025-01-22T21:42:31.793Z", "dateReserved": "2023-05-08T13:26:03.878Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-05-15T19:46:32.834Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "80ED3198-E3DA-4ACD-883B-10CDB835BA33", "versionEndExcluding": "3.9.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "id": "CVE-2023-32314", "lastModified": "2024-11-21T08:03:05.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-15T20:15:09.177", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-agent-service-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-apiserver-network-proxy-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-assisted-image-service-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-assisted-installer-agent-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-assisted-installer-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-assisted-installer-reporter-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-aws-encryption-provider-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-cluster-api-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-cluster-api-provider-agent-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-cluster-api-provider-aws-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-cluster-api-provider-azure-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-cluster-api-provider-kubevirt-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-clusterclaims-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-cluster-curator-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-clusterlifecycle-state-metrics-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-console-mce-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-discovery-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-hive-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-hypershift-addon-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-hypershift-deployment-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-hypershift-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-klusterlet-operator-bundle-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-managedcluster-import-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-managed-serviceaccount-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-multicloud-manager-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-must-gather-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-operator-bundle-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-placement-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-provider-credential-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-registration-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-registration-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3353", "cpe": "cpe:/a:redhat:multicluster_engine:2.0::el8", "package": "multicluster-engine-work-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-agent-service-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-apiserver-network-proxy-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-assisted-image-service-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-assisted-installer-agent-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-assisted-installer-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-assisted-installer-reporter-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-aws-encryption-provider-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-api-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-api-provider-agent-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-api-provider-aws-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-api-provider-azure-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-api-provider-kubevirt-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-clusterclaims-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-curator-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-clusterlifecycle-state-metrics-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-proxy-addon-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-cluster-proxy-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-console-mce-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-discovery-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-hive-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-hypershift-addon-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-hypershift-deployment-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-hypershift-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-klusterlet-operator-bundle-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-managedcluster-import-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-managed-serviceaccount-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-multicloud-manager-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-must-gather-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-operator-bundle-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-placement-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-provider-credential-controller-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-registration-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-registration-operator-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3325", "cpe": "cpe:/a:redhat:multicluster_engine:2.1::el8", "package": "multicluster-engine-work-container", "product_name": "Multicluster Engine for Kubernetes", "release_date": "2023-05-25T00:00:00Z"}, {"advisory": "RHSA-2023:3296", "cpe": "cpe:/a:redhat:multicluster_engine:2.2::el8", "package": "multicluster-engine/console-mce-rhel8:v2.2.4-4", "product_name": "multicluster engine for Kubernetes 2.2 for RHEL 8", "release_date": "2023-05-24T00:00:00Z"}, {"advisory": "RHSA-2023:3296", "cpe": "cpe:/a:redhat:multicluster_engine:2.2::el8", "package": "multicluster-engine/multicluster-engine-console-mce-rhel8:v2.2.4-4", "product_name": "multicluster engine for Kubernetes 2.2 for RHEL 8", "release_date": "2023-05-24T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-cluster-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-governance-policy-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-prometheus-config-reloader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-prometheus-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "acm-volsync-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "cluster-proxy-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "klusterlet-addon-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3356", "cpe": "cpe:/a:redhat:acm:2.5::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-governance-policy-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-prometheus-config-reloader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-prometheus-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-volsync-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3326", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-05-26T00:00:00Z"}, {"advisory": "RHSA-2023:3297", "cpe": "cpe:/a:redhat:acm:2.7::el8", "package": "rhacm2/console-rhel8:v2.7.4-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8", "release_date": "2023-05-24T00:00:00Z"}], "bugzilla": {"description": "vm2: Sandbox Escape", "id": "2208376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208376"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-755->CWE-74", "details": ["vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. This may allow an attacker to run remote code execution on the host running the sandbox. This vulnerability impacts the confidentiality, integrity, and availability of the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2023-32314", "public_date": "2023-05-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-32314\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32314\nhttps://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"], "threat_severity": "Critical", "upstream_fix": "vm2 3.9.18"}