{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2013",
        "url": "https://access.redhat.com/errata/RHSA-2018:2013"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
        "url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
      },
      {
        "category": "external",
        "summary": "1466390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
      },
      {
        "category": "external",
        "summary": "1498398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
      },
      {
        "category": "external",
        "summary": "1506175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
      },
      {
        "category": "external",
        "summary": "1507429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
      },
      {
        "category": "external",
        "summary": "1512042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
      },
      {
        "category": "external",
        "summary": "1525642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
      },
      {
        "category": "external",
        "summary": "1529575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
      },
      {
        "category": "external",
        "summary": "1531096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
      },
      {
        "category": "external",
        "summary": "1534311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
      },
      {
        "category": "external",
        "summary": "1534894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
      },
      {
        "category": "external",
        "summary": "1537872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
      },
      {
        "category": "external",
        "summary": "1538215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
      },
      {
        "category": "external",
        "summary": "1539252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
      },
      {
        "category": "external",
        "summary": "1539310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
      },
      {
        "category": "external",
        "summary": "1539529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
      },
      {
        "category": "external",
        "summary": "1539757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
      },
      {
        "category": "external",
        "summary": "1540819",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
      },
      {
        "category": "external",
        "summary": "1541212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
      },
      {
        "category": "external",
        "summary": "1541350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
      },
      {
        "category": "external",
        "summary": "1542387",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
      },
      {
        "category": "external",
        "summary": "1542460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
      },
      {
        "category": "external",
        "summary": "1546097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
      },
      {
        "category": "external",
        "summary": "1546324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
      },
      {
        "category": "external",
        "summary": "1546936",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
      },
      {
        "category": "external",
        "summary": "1548677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
      },
      {
        "category": "external",
        "summary": "1549060",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
      },
      {
        "category": "external",
        "summary": "1549454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
      },
      {
        "category": "external",
        "summary": "1550193",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
      },
      {
        "category": "external",
        "summary": "1550316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
      },
      {
        "category": "external",
        "summary": "1550385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
      },
      {
        "category": "external",
        "summary": "1550591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
      },
      {
        "category": "external",
        "summary": "1553012",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
      },
      {
        "category": "external",
        "summary": "1553035",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
      },
      {
        "category": "external",
        "summary": "1553294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
      },
      {
        "category": "external",
        "summary": "1554141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
      },
      {
        "category": "external",
        "summary": "1554145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
      },
      {
        "category": "external",
        "summary": "1554239",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
      },
      {
        "category": "external",
        "summary": "1557040",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
      },
      {
        "category": "external",
        "summary": "1557822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
      },
      {
        "category": "external",
        "summary": "1558183",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
      },
      {
        "category": "external",
        "summary": "1558997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
      },
      {
        "category": "external",
        "summary": "1560311",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
      },
      {
        "category": "external",
        "summary": "1563150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
      },
      {
        "category": "external",
        "summary": "1563673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
      },
      {
        "category": "external",
        "summary": "1566238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
      },
      {
        "category": "external",
        "summary": "1568815",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
      },
      {
        "category": "external",
        "summary": "1569030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
      },
      {
        "category": "external",
        "summary": "1570065",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
      },
      {
        "category": "external",
        "summary": "1570581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
      },
      {
        "category": "external",
        "summary": "1571601",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
      },
      {
        "category": "external",
        "summary": "1571944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
      },
      {
        "category": "external",
        "summary": "1572786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
      },
      {
        "category": "external",
        "summary": "1579096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
      },
      {
        "category": "external",
        "summary": "1580538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
      },
      {
        "category": "external",
        "summary": "1583895",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
      },
      {
        "category": "external",
        "summary": "1585243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
      },
      {
        "category": "external",
        "summary": "1586076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
      },
      {
        "category": "external",
        "summary": "1588009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
      },
      {
        "category": "external",
        "summary": "1588768",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-30T11:35:23+00:00",
      "generator": {
        "date": "2026-06-30T11:35:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2018:2013",
      "initial_release_date": "2018-06-27T18:01:43+00:00",
      "revision_history": [
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-06-27T18:01:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T11:35:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.9",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.9",
                  "product_id": "7Server-RH7-RHOSE-3.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.9::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                "product": {
                  "name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
        },
        "product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
          "product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Chappell"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-1070",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-10-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553035"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553035",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
        }
      ],
      "release_date": "2018-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Hocky"
          ],
          "organization": "Comcast"
        }
      ],
      "cve": "CVE-2018-1085",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1557822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via '/usr/bin/etcd' it's not affected by this flaw. You can check if etcd is being run from '/usr//bin/etcd' using a 'ps' command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running 'docker ps' on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc        registry.access.redhat.com/rhel7/etcd   \"/usr/bin/etcd\"     56 minutes ago      Up 56 minutes                           etcd_container",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "RHBZ#1557822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
        }
      ],
      "release_date": "2018-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        },
        {
          "category": "workaround",
          "details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n   curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n   {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n    curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n   ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n   ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n   ETCD_PEER_CLIENT_CERT_AUTH=true\n   ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n   sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jeremy Choi"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2018-10843",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1579096"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container.  An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
          "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
          "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
          "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
          "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "RHBZ#1579096",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
        }
      ],
      "release_date": "2018-05-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-06-27T18:01:43+00:00",
          "details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2013"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
            "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
            "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
            "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
            "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
    }
  ]
}