{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-46595", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2026-05-15T17:35:00.813Z", "datePublished": "2026-05-22T02:31:27.894Z", "dateUpdated": "2026-07-17T12:04:42.205Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-05-22T02:31:27.894Z" }, "title": "Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh", "descriptions": [ { "lang": "en", "value": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped." } ], "affected": [ { "vendor": "golang.org/x/crypto", "product": "golang.org/x/crypto/ssh", "collectionURL": "https://pkg.go.dev", "packageName": "golang.org/x/crypto/ssh", "versions": [ { "version": "0", "lessThan": "0.52.0", "status": "affected", "versionType": "semver" } ], "programRoutines": [ { "name": "connection.serverAuthenticate" }, { "name": "NewServerConn" } ], "defaultStatus": "unaffected" } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "CWE-863: Incorrect Authorization" } ] } ], "references": [ { "url": "https://go.dev/issue/79570" }, { "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI" }, { "url": "https://go.dev/cl/781642" }, { "url": "https://pkg.go.dev/vuln/GO-2026-5023" } ] }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2026-05-22T18:21:12.222019Z", "id": "CVE-2026-46595", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-22T18:21:43.315Z" } }, { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "packageName": "flightctl", "product": "RHEM 1.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.0.3-1.el9em", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:edge_manager:1.1::el10" ], "defaultStatus": "affected", "packageName": "flightctl", "product": "RHEM 1.1 for RHEL 10", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.3-1.el10em", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:edge_manager:1.1:el9" ], "defaultStatus": "affected", "packageName": "flightctl", "product": "RHEM 1.1 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.3-1.el9em", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:devworkspace:0.42::el9" ], "defaultStatus": "affected", "packageName": "devworkspace/devworkspace-rhel9-operator", "product": "DevWorkspace Operator 0.42", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782401674", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "packageName": "multicluster-engine/addon-manager-rhel9", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782160196", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "packageName": "multicluster-engine/kube-rbac-proxy-mce-rhel9", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782477094", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "packageName": "multicluster-engine/placement-rhel9", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782160009", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "packageName": "multicluster-engine/registration-operator-rhel9", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782160210", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "packageName": "multicluster-engine/registration-rhel9", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782160541", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:multicluster_engine:2.8::el9" ], "defaultStatus": "affected", "packageName": "multicluster-engine/work-rhel9", "product": "multicluster engine for Kubernetes 2.8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782159773", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:acm:2.13::el9" ], "defaultStatus": "affected", "packageName": "rhacm2/acm-grafana-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782383730", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:acm:2.13::el9" ], "defaultStatus": "affected", "packageName": "rhacm2/kube-rbac-proxy-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782488873", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:acm:2.13::el9" ], "defaultStatus": "affected", "packageName": "rhacm2/multicluster-observability-rhel9-operator", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782382711", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.10::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1781686458", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.11::el9" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-main-rhel9", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.11", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783352589", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.9::el8" ], "defaultStatus": "affected", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1781686446", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "packageName": "rhem/flightctl-api-rhel9", "product": "Red Hat Edge Manager 1.0", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783502025", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:edge_manager:1.1::el10" ], "defaultStatus": "affected", "packageName": "rhem/flightctl-api-rhel10", "product": "Red Hat Edge Manager 1.1", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1784196588", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:edge_manager:1.1::el9" ], "defaultStatus": "affected", "packageName": "rhem/flightctl-api-rhel9", "product": "Red Hat Edge Manager 1.1", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1784126780", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/disk-image-cuda-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782804957", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/bootc-aws-cuda-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782758407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/bootc-azure-cuda-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782758410", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/bootc-azure-rocm-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782754093", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/bootc-cuda-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782744816", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/bootc-gcp-cuda-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782758409", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3.4::el9" ], "defaultStatus": "affected", "packageName": "rhelai3/bootc-rocm-rhel9", "product": "Red Hat Enterprise Linux AI 3.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782744830", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:hummingbird:1" ], "defaultStatus": "affected", "packageName": "golang1-25-main", "product": "Red Hat Hardened Images", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.25.11-2.hum1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:hummingbird:1" ], "defaultStatus": "affected", "packageName": "golang1-26-main", "product": "Red Hat Hardened Images", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.26.4-2.hum1", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_ai:3.3::el9" ], "defaultStatus": "affected", "packageName": "rhoai/odh-trainer-rhel9", "product": "Red Hat OpenShift AI 3.3", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782471656", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_builds:1.7::el9" ], "defaultStatus": "affected", "packageName": "openshift-builds/openshift-builds-waiters-rhel9", "product": "Red Hat OpenShift Builds 1.7.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783057868", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_builds:1.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-builds/openshift-builds-rhel9-operator", "product": "Red Hat OpenShift Builds 1.8.1", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1784121108", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_builds:1.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-builds/openshift-builds-waiters-rhel9", "product": "Red Hat OpenShift Builds 1.8.1", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783612119", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/cephcsi-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782932114", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/cephcsi-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782931768", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/devicefinder-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782932104", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-core-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783536000", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783535989", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-console-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783536515", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782932521", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-metrics-exporter-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783018461", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783018421", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-blackbox-exporter-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782932812", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cli-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783537001", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cloudnative-pg-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782932919", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-console-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783537586", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cosi-sidecar-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782932969", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782933015", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782933042", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-drbd-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783537392", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-external-snapshotter-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782933235", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-external-snapshotter-sidecar-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782933251", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-console-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783537955", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782933417", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-must-gather-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783537742", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782933602", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1783019377", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-volsync-plugin-mover-rhel9", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782934054", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-volsync-plugin-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782934036", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.22::el9" ], "defaultStatus": "affected", "packageName": "odf4/rook-ceph-rhel9-operator", "product": "Red Hat Openshift Data Foundation 4.22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782934284", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3.29::el9" ], "defaultStatus": "affected", "packageName": "devspaces/traefik-rhel9", "product": "Red Hat OpenShift Dev Spaces 3.29", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1782403274", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1.4::el9" ], "defaultStatus": "affected", "packageName": "conforma-cli-stack-v1", "product": "Red Hat Trusted Artifact Signer 1.4", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4-1.4.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:assisted_installer:2" ], "defaultStatus": "affected", "packageName": "assisted/agent-preinstall-image-builder-rhel9", "product": "Assisted Installer for Red Hat OpenShift Container Platform 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cert_manager:1" ], "defaultStatus": "affected", "packageName": "cert-manager/jetstack-cert-manager-rhel9", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1" ], "defaultStatus": "affected", "packageName": "openshift-sandboxed-containers/osc-rhel9-operator", "product": "Confidential Compute Attestation", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "affected", "packageName": "cryostat/cryostat-storage-rhel9", "product": "Cryostat 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:external_secrets_operator:1" ], "defaultStatus": "affected", "packageName": "external-secrets-operator/external-secrets-rhel9", "product": "External Secrets Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/assisted-service-8-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/assisted-service-9-rhel9", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/backplane-rhel9-operator", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/cluster-image-set-controller-rhel9", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "unknown", "packageName": "multicluster-engine/hypershift-addon-rhel9-operator", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/managedcluster-import-controller", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/multicloud-manager-rhel9", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_api_data_protection:1" ], "defaultStatus": "unknown", "packageName": "oadp/oadp-velero-rhel9", "product": "OpenShift API for Data Protection", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "packageName": "openshift-pipelines-client", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/kn-plugin-func-func-util-rhel9", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-clients", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/multicloud-integrations-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/multiclusterhub-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/multicluster-operators-channel-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/multicluster-operators-subscription-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/observatorium-rhel9-operator", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "packageName": "rhacm2/volsync-rhel9", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:ceph_storage:9" ], "defaultStatus": "affected", "packageName": "rhceph/alloy-rhel10", "product": "Red Hat Ceph Storage 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "golang", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "podman", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "trustee", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:rhel8/buildah", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "container-tools:rhel8/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "golang", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "buildah", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "golang", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "gvisor-tap-vsock", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3" ], "defaultStatus": "affected", "packageName": "golang", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "affected", "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "affected", "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "unaffected", "packageName": "rhoai/odh-model-registry-rhel8", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "unaffected", "packageName": "rhoai/odh-model-registry-rhel9", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "cri-o", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "microshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unknown", "packageName": "openshift4/ose-hypershift-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-ptp", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-ptp-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-vsphere-csi-driver-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "openshift4/ose-vsphere-csi-driver-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4-wincw/windows-machine-config-rhel8-operator", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "ose-azure-acr-image-credential-provider", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "unaffected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:windows_machine_config" ], "defaultStatus": "affected", "packageName": "openshift4-wincw/windows-machine-config-rhel9-operator", "product": "Red Hat OpenShift for Windows Containers", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/argocd-rhel8", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/argocd-rhel9", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "packageName": "rosa", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "packageName": "kubevirt", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "unaffected", "packageName": "golang-googlecode-go-crypto", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "unaffected", "packageName": "rhosp-rhel8/osp-director-agent", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "unaffected", "packageName": "rhosp-rhel9/osp-director-agent", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "affected", "packageName": "rhoso-operators/octavia-rhel9-operator", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "packageName": "quay/quay-builder-rhel8", "product": "Red Hat Quay 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "packageName": "quay/quay-builder-rhel9", "product": "Red Hat Quay 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_security_profiles_operator:1" ], "defaultStatus": "affected", "packageName": "compliance/openshift-security-profiles-rhel8-operator", "product": "Security Profiles Operator", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:1" ], "defaultStatus": "affected", "packageName": "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9", "product": "Zero Trust Workload Identity Manager", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:0" ], "defaultStatus": "affected", "packageName": "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9", "product": "Zero Trust Workload Identity Manager - Tech Preview", "vendor": "Red Hat" } ], "datePublic": "2026-05-22T02:31:27.894Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-303", "description": "Incorrect Implementation of Authentication Algorithm", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-46595" }, { "name": "RHBZ#2480689", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:41019" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36796" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36808" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30651" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26547" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36207" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26546" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36651" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:40945" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:40118" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33531" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33524" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:23262" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:23264" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:37275" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36648" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:41036" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36820" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:37387" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36797" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:30650" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:41019: RHEM 1.1 for RHEL 10, RHEM 1.1 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:36808: DevWorkspace Operator 0.42" }, { "lang": "en", "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13" }, { "lang": "en", "value": "RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10" }, { "lang": "en", "value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11" }, { "lang": "en", "value": "RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9" }, { "lang": "en", "value": "RHSA-2026:36651: Red Hat Edge Manager 1.0" }, { "lang": "en", "value": "RHSA-2026:40945: Red Hat Edge Manager 1.1" }, { "lang": "en", "value": "RHSA-2026:40118: Red Hat Edge Manager 1.1" }, { "lang": "en", "value": "RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4" }, { "lang": "en", "value": "RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4" }, { "lang": "en", "value": "RHSA-2026:23262: Red Hat Hardened Images" }, { "lang": "en", "value": "RHSA-2026:23264: Red Hat Hardened Images" }, { "lang": "en", "value": "RHSA-2026:37275: Red Hat OpenShift AI 3.3" }, { "lang": "en", "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4" }, { "lang": "en", "value": "RHSA-2026:41036: Red Hat OpenShift Builds 1.8.1" }, { "lang": "en", "value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29" }, { "lang": "en", "value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22" }, { "lang": "en", "value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4" }, { "lang": "en", "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8" } ], "timeline": [ { "lang": "en", "time": "2026-05-22T04:01:52.215Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-05-22T02:31:27.894Z", "value": "Made public." } ], "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation", "workarounds": [ { "lang": "en", "value": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-17T12:04:42.205Z" } } ] } }