{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift sandboxed containers 1.5.0 is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with enhancements and bug fixes.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.5/html-single/openshift_sandboxed_containers_release_notes/",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHEA-2023:7493",
        "url": "https://access.redhat.com/errata/RHEA-2023:7493"
      },
      {
        "category": "external",
        "summary": "KATA-2135",
        "url": "https://issues.redhat.com/browse/KATA-2135"
      },
      {
        "category": "external",
        "summary": "KATA-2251",
        "url": "https://issues.redhat.com/browse/KATA-2251"
      },
      {
        "category": "external",
        "summary": "KATA-2302",
        "url": "https://issues.redhat.com/browse/KATA-2302"
      },
      {
        "category": "external",
        "summary": "KATA-2317",
        "url": "https://issues.redhat.com/browse/KATA-2317"
      },
      {
        "category": "external",
        "summary": "KATA-2321",
        "url": "https://issues.redhat.com/browse/KATA-2321"
      },
      {
        "category": "external",
        "summary": "KATA-2402",
        "url": "https://issues.redhat.com/browse/KATA-2402"
      },
      {
        "category": "external",
        "summary": "KATA-2411",
        "url": "https://issues.redhat.com/browse/KATA-2411"
      },
      {
        "category": "external",
        "summary": "KATA-2451",
        "url": "https://issues.redhat.com/browse/KATA-2451"
      },
      {
        "category": "external",
        "summary": "KATA-2452",
        "url": "https://issues.redhat.com/browse/KATA-2452"
      },
      {
        "category": "external",
        "summary": "KATA-2453",
        "url": "https://issues.redhat.com/browse/KATA-2453"
      },
      {
        "category": "external",
        "summary": "KATA-2454",
        "url": "https://issues.redhat.com/browse/KATA-2454"
      },
      {
        "category": "external",
        "summary": "KATA-2461",
        "url": "https://issues.redhat.com/browse/KATA-2461"
      },
      {
        "category": "external",
        "summary": "KATA-2462",
        "url": "https://issues.redhat.com/browse/KATA-2462"
      },
      {
        "category": "external",
        "summary": "KATA-2463",
        "url": "https://issues.redhat.com/browse/KATA-2463"
      },
      {
        "category": "external",
        "summary": "KATA-2464",
        "url": "https://issues.redhat.com/browse/KATA-2464"
      },
      {
        "category": "external",
        "summary": "KATA-2465",
        "url": "https://issues.redhat.com/browse/KATA-2465"
      },
      {
        "category": "external",
        "summary": "KATA-2466",
        "url": "https://issues.redhat.com/browse/KATA-2466"
      },
      {
        "category": "external",
        "summary": "KATA-2475",
        "url": "https://issues.redhat.com/browse/KATA-2475"
      },
      {
        "category": "external",
        "summary": "KATA-2476",
        "url": "https://issues.redhat.com/browse/KATA-2476"
      },
      {
        "category": "external",
        "summary": "KATA-2515",
        "url": "https://issues.redhat.com/browse/KATA-2515"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhea-2023_7493.json"
      }
    ],
    "title": "Red Hat Enhancement Advisory: OpenShift sandboxed containers 1.5.0 update",
    "tracking": {
      "current_release_date": "2026-07-01T19:28:02+00:00",
      "generator": {
        "date": "2026-07-01T19:28:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHEA-2023:7493",
      "initial_release_date": "2023-11-27T11:44:10+00:00",
      "revision_history": [
        {
          "date": "2023-11-27T11:44:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-27T11:44:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-01T19:28:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Sandboxed Containers 1.5",
                "product": {
                  "name": "OpenShift Sandboxed Containers 1.5",
                  "product_id": "9Base-OSE-OSC-1.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1.5.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9&tag=1.5.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9&tag=1.5.0-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9&tag=1.5.0-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9&tag=1.5.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle&tag=1.5.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator&tag=1.5.0-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360?arch=amd64&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9&tag=1.5.0-12"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9&tag=1.5.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9&tag=1.5.0-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9&tag=1.5.0-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9&tag=1.5.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle&tag=1.5.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator&tag=1.5.0-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x",
                  "product_id": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078?arch=s390x&repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9&tag=1.5.0-12"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x"
        },
        "product_reference": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64 as a component of OpenShift Sandboxed Containers 1.5",
          "product_id": "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64",
        "relates_to_product_reference": "9Base-OSE-OSC-1.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-25173",
      "cwe": {
        "id": "CWE-842",
        "name": "Placement of User into Incorrect Group"
      },
      "discovery_date": "2023-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2174485"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "containerd: Supplementary groups are not set up properly",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The following products include containerd related code, but do not use the specific Go packages impacted by this CVE, `containerd/cri/server` and `containerd/oci`. This CVE is therefore rated Low for these products:\n\n* OpenShift Container Platform\n* OpenShift Service Mesh\n* OpenShift API for Data Protection\n* Red Hat Advanced Cluster Security\n* Red Hat Advanced Cluster Management for Kubernetes",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64"
        ],
        "known_not_affected": [
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
          "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-25173"
        },
        {
          "category": "external",
          "summary": "RHBZ#2174485",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174485"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25173",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25173"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a",
          "url": "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/releases/tag/v1.5.18",
          "url": "https://github.com/containerd/containerd/releases/tag/v1.5.18"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/releases/tag/v1.6.18",
          "url": "https://github.com/containerd/containerd/releases/tag/v1.6.18"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p"
        },
        {
          "category": "external",
          "summary": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
          "url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
        }
      ],
      "release_date": "2023-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-27T11:44:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2023:7493"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:69407c8df88c2b041462f1c111ce348156010af0c483ab3189e776843799b1e5_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x",
            "9Base-OSE-OSC-1.5:openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "containerd: Supplementary groups are not set up properly"
    }
  ]
}