Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/ignition@2.14.0-3.rhaos4.11?arch=el8
Typerpm
Namespaceredhat
Nameignition
Version2.14.0-3.rhaos4.11
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4pue-fbre-zfcf
vulnerability_id VCID-4pue-fbre-zfcf
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23806
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12203
published_at 2026-04-02T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12248
published_at 2026-04-04T12:55:00Z
2
value 0.0004
scoring_system epss
scoring_elements 0.12048
published_at 2026-04-07T12:55:00Z
3
value 0.0004
scoring_system epss
scoring_elements 0.12129
published_at 2026-04-08T12:55:00Z
4
value 0.0004
scoring_system epss
scoring_elements 0.12181
published_at 2026-04-09T12:55:00Z
5
value 0.0004
scoring_system epss
scoring_elements 0.12189
published_at 2026-04-11T12:55:00Z
6
value 0.0004
scoring_system epss
scoring_elements 0.12152
published_at 2026-04-12T12:55:00Z
7
value 0.0004
scoring_system epss
scoring_elements 0.1212
published_at 2026-04-13T12:55:00Z
8
value 0.0004
scoring_system epss
scoring_elements 0.1199
published_at 2026-04-16T12:55:00Z
9
value 0.0004
scoring_system epss
scoring_elements 0.11986
published_at 2026-04-18T12:55:00Z
10
value 0.0004
scoring_system epss
scoring_elements 0.12105
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23806
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23806
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2053429
reference_id 2053429
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2053429
5
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
6
reference_url https://access.redhat.com/errata/RHSA-2022:1819
reference_id RHSA-2022:1819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1819
7
reference_url https://access.redhat.com/errata/RHSA-2022:4860
reference_id RHSA-2022:4860
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4860
8
reference_url https://access.redhat.com/errata/RHSA-2022:4863
reference_id RHSA-2022:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4863
9
reference_url https://access.redhat.com/errata/RHSA-2022:5004
reference_id RHSA-2022:5004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5004
10
reference_url https://access.redhat.com/errata/RHSA-2022:5006
reference_id RHSA-2022:5006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5006
11
reference_url https://access.redhat.com/errata/RHSA-2022:5068
reference_id RHSA-2022:5068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5068
12
reference_url https://access.redhat.com/errata/RHSA-2022:5729
reference_id RHSA-2022:5729
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5729
13
reference_url https://access.redhat.com/errata/RHSA-2022:5875
reference_id RHSA-2022:5875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5875
14
reference_url https://access.redhat.com/errata/RHSA-2022:6094
reference_id RHSA-2022:6094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6094
15
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
16
reference_url https://access.redhat.com/errata/RHSA-2023:0408
reference_id RHSA-2023:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0408
17
reference_url https://access.redhat.com/errata/RHSA-2023:1529
reference_id RHSA-2023:1529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1529
fixed_packages
aliases CVE-2022-23806
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pue-fbre-zfcf
1
url VCID-7e1n-pvrt-g3fy
vulnerability_id VCID-7e1n-pvrt-g3fy
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24921.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24921
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04592
published_at 2026-04-02T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04614
published_at 2026-04-04T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04626
published_at 2026-04-07T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04661
published_at 2026-04-08T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04673
published_at 2026-04-09T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04667
published_at 2026-04-11T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04649
published_at 2026-04-12T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04632
published_at 2026-04-13T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.046
published_at 2026-04-16T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.0461
published_at 2026-04-18T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.0475
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24921
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2064857
reference_id 2064857
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2064857
5
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
6
reference_url https://access.redhat.com/errata/RHSA-2022:5068
reference_id RHSA-2022:5068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5068
7
reference_url https://access.redhat.com/errata/RHSA-2022:5337
reference_id RHSA-2022:5337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5337
8
reference_url https://access.redhat.com/errata/RHSA-2022:5415
reference_id RHSA-2022:5415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5415
9
reference_url https://access.redhat.com/errata/RHSA-2022:5729
reference_id RHSA-2022:5729
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5729
10
reference_url https://access.redhat.com/errata/RHSA-2022:5730
reference_id RHSA-2022:5730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5730
11
reference_url https://access.redhat.com/errata/RHSA-2022:5799
reference_id RHSA-2022:5799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5799
12
reference_url https://access.redhat.com/errata/RHSA-2022:6040
reference_id RHSA-2022:6040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6040
13
reference_url https://access.redhat.com/errata/RHSA-2022:6042
reference_id RHSA-2022:6042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6042
14
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
15
reference_url https://access.redhat.com/errata/RHSA-2022:6277
reference_id RHSA-2022:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6277
16
reference_url https://access.redhat.com/errata/RHSA-2022:6714
reference_id RHSA-2022:6714
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6714
17
reference_url https://access.redhat.com/errata/RHSA-2023:0407
reference_id RHSA-2023:0407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0407
fixed_packages
aliases CVE-2022-24921
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7e1n-pvrt-g3fy
2
url VCID-835d-4cep-d3ff
vulnerability_id VCID-835d-4cep-d3ff
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23772
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10135
published_at 2026-04-02T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.102
published_at 2026-04-04T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10097
published_at 2026-04-07T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10172
published_at 2026-04-08T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10233
published_at 2026-04-09T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10269
published_at 2026-04-11T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10228
published_at 2026-04-12T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10209
published_at 2026-04-13T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10081
published_at 2026-04-16T12:55:00Z
9
value 0.00035
scoring_system epss
scoring_elements 0.10058
published_at 2026-04-18T12:55:00Z
10
value 0.00035
scoring_system epss
scoring_elements 0.1019
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23772
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23772
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23772
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2053532
reference_id 2053532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2053532
5
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
6
reference_url https://access.redhat.com/errata/RHSA-2022:1819
reference_id RHSA-2022:1819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1819
7
reference_url https://access.redhat.com/errata/RHSA-2022:4860
reference_id RHSA-2022:4860
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4860
8
reference_url https://access.redhat.com/errata/RHSA-2022:4863
reference_id RHSA-2022:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4863
9
reference_url https://access.redhat.com/errata/RHSA-2022:5004
reference_id RHSA-2022:5004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5004
10
reference_url https://access.redhat.com/errata/RHSA-2022:5068
reference_id RHSA-2022:5068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5068
11
reference_url https://access.redhat.com/errata/RHSA-2022:5730
reference_id RHSA-2022:5730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5730
12
reference_url https://access.redhat.com/errata/RHSA-2022:6155
reference_id RHSA-2022:6155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6155
13
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
14
reference_url https://access.redhat.com/errata/RHSA-2022:6526
reference_id RHSA-2022:6526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6526
15
reference_url https://access.redhat.com/errata/RHSA-2023:0408
reference_id RHSA-2023:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0408
16
reference_url https://access.redhat.com/errata/RHSA-2023:1529
reference_id RHSA-2023:1529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1529
17
reference_url https://access.redhat.com/errata/RHSA-2023:3914
reference_id RHSA-2023:3914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3914
18
reference_url https://access.redhat.com/errata/RHSA-2024:5754
reference_id RHSA-2024:5754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5754
19
reference_url https://access.redhat.com/errata/RHSA-2024:6412
reference_id RHSA-2024:6412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6412
fixed_packages
aliases CVE-2022-23772
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-835d-4cep-d3ff
3
url VCID-dsm8-ck8e-wfdh
vulnerability_id VCID-dsm8-ck8e-wfdh
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24675.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24675.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24675
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39576
published_at 2026-04-02T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39599
published_at 2026-04-04T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.39515
published_at 2026-04-07T12:55:00Z
3
value 0.00179
scoring_system epss
scoring_elements 0.3957
published_at 2026-04-08T12:55:00Z
4
value 0.00179
scoring_system epss
scoring_elements 0.39586
published_at 2026-04-09T12:55:00Z
5
value 0.00179
scoring_system epss
scoring_elements 0.39596
published_at 2026-04-11T12:55:00Z
6
value 0.00179
scoring_system epss
scoring_elements 0.39558
published_at 2026-04-12T12:55:00Z
7
value 0.00179
scoring_system epss
scoring_elements 0.39542
published_at 2026-04-13T12:55:00Z
8
value 0.00179
scoring_system epss
scoring_elements 0.39592
published_at 2026-04-16T12:55:00Z
9
value 0.00179
scoring_system epss
scoring_elements 0.39562
published_at 2026-04-18T12:55:00Z
10
value 0.00179
scoring_system epss
scoring_elements 0.39478
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24675
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2077688
reference_id 2077688
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2077688
4
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
5
reference_url https://access.redhat.com/errata/RHSA-2022:5006
reference_id RHSA-2022:5006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5006
6
reference_url https://access.redhat.com/errata/RHSA-2022:5068
reference_id RHSA-2022:5068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5068
7
reference_url https://access.redhat.com/errata/RHSA-2022:5337
reference_id RHSA-2022:5337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5337
8
reference_url https://access.redhat.com/errata/RHSA-2022:5415
reference_id RHSA-2022:5415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5415
9
reference_url https://access.redhat.com/errata/RHSA-2022:5729
reference_id RHSA-2022:5729
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5729
10
reference_url https://access.redhat.com/errata/RHSA-2022:5730
reference_id RHSA-2022:5730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5730
11
reference_url https://access.redhat.com/errata/RHSA-2022:5799
reference_id RHSA-2022:5799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5799
12
reference_url https://access.redhat.com/errata/RHSA-2022:5840
reference_id RHSA-2022:5840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5840
13
reference_url https://access.redhat.com/errata/RHSA-2022:6040
reference_id RHSA-2022:6040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6040
14
reference_url https://access.redhat.com/errata/RHSA-2022:6042
reference_id RHSA-2022:6042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6042
15
reference_url https://access.redhat.com/errata/RHSA-2022:6094
reference_id RHSA-2022:6094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6094
16
reference_url https://access.redhat.com/errata/RHSA-2022:6152
reference_id RHSA-2022:6152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6152
17
reference_url https://access.redhat.com/errata/RHSA-2022:6155
reference_id RHSA-2022:6155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6155
18
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
19
reference_url https://access.redhat.com/errata/RHSA-2022:6277
reference_id RHSA-2022:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6277
20
reference_url https://access.redhat.com/errata/RHSA-2022:6290
reference_id RHSA-2022:6290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6290
21
reference_url https://access.redhat.com/errata/RHSA-2022:6430
reference_id RHSA-2022:6430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6430
22
reference_url https://access.redhat.com/errata/RHSA-2022:6526
reference_id RHSA-2022:6526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6526
23
reference_url https://access.redhat.com/errata/RHSA-2022:6714
reference_id RHSA-2022:6714
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6714
24
reference_url https://access.redhat.com/errata/RHSA-2022:7058
reference_id RHSA-2022:7058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7058
25
reference_url https://access.redhat.com/errata/RHSA-2022:8750
reference_id RHSA-2022:8750
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8750
26
reference_url https://access.redhat.com/errata/RHSA-2023:1529
reference_id RHSA-2023:1529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1529
27
reference_url https://access.redhat.com/errata/RHSA-2023:3642
reference_id RHSA-2023:3642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3642
28
reference_url https://access.redhat.com/errata/RHSA-2023:3914
reference_id RHSA-2023:3914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3914
fixed_packages
aliases CVE-2022-24675
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsm8-ck8e-wfdh
4
url VCID-ps89-8u5a-kfc8
vulnerability_id VCID-ps89-8u5a-kfc8
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1705
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16637
published_at 2026-04-01T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.1681
published_at 2026-04-02T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16653
published_at 2026-04-21T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16867
published_at 2026-04-04T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16652
published_at 2026-04-07T12:55:00Z
5
value 0.00053
scoring_system epss
scoring_elements 0.16737
published_at 2026-04-08T12:55:00Z
6
value 0.00053
scoring_system epss
scoring_elements 0.16791
published_at 2026-04-09T12:55:00Z
7
value 0.00053
scoring_system epss
scoring_elements 0.16771
published_at 2026-04-11T12:55:00Z
8
value 0.00053
scoring_system epss
scoring_elements 0.16727
published_at 2026-04-12T12:55:00Z
9
value 0.00053
scoring_system epss
scoring_elements 0.1667
published_at 2026-04-13T12:55:00Z
10
value 0.00053
scoring_system epss
scoring_elements 0.16606
published_at 2026-04-16T12:55:00Z
11
value 0.00053
scoring_system epss
scoring_elements 0.16615
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1705
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2107374
reference_id 2107374
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2107374
5
reference_url https://go.dev/cl/409874
reference_id 409874
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/
url https://go.dev/cl/409874
6
reference_url https://go.dev/cl/410714
reference_id 410714
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/
url https://go.dev/cl/410714
7
reference_url https://go.dev/issue/53188
reference_id 53188
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/
url https://go.dev/issue/53188
8
reference_url https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
reference_id e5017a93fcde94f09836200bca55324af037ee5f
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/
url https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
9
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
10
reference_url https://pkg.go.dev/vuln/GO-2022-0525
reference_id GO-2022-0525
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/
url https://pkg.go.dev/vuln/GO-2022-0525
11
reference_url https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
reference_id nqrv9fbR0zE
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/
url https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
12
reference_url https://access.redhat.com/errata/RHSA-2022:5068
reference_id RHSA-2022:5068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5068
13
reference_url https://access.redhat.com/errata/RHSA-2022:5775
reference_id RHSA-2022:5775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5775
14
reference_url https://access.redhat.com/errata/RHSA-2022:5799
reference_id RHSA-2022:5799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5799
15
reference_url https://access.redhat.com/errata/RHSA-2022:5866
reference_id RHSA-2022:5866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5866
16
reference_url https://access.redhat.com/errata/RHSA-2022:6040
reference_id RHSA-2022:6040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6040
17
reference_url https://access.redhat.com/errata/RHSA-2022:6042
reference_id RHSA-2022:6042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6042
18
reference_url https://access.redhat.com/errata/RHSA-2022:6113
reference_id RHSA-2022:6113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6113
19
reference_url https://access.redhat.com/errata/RHSA-2022:6152
reference_id RHSA-2022:6152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6152
20
reference_url https://access.redhat.com/errata/RHSA-2022:6183
reference_id RHSA-2022:6183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6183
21
reference_url https://access.redhat.com/errata/RHSA-2022:6187
reference_id RHSA-2022:6187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6187
22
reference_url https://access.redhat.com/errata/RHSA-2022:6188
reference_id RHSA-2022:6188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6188
23
reference_url https://access.redhat.com/errata/RHSA-2022:6283
reference_id RHSA-2022:6283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6283
24
reference_url https://access.redhat.com/errata/RHSA-2022:6344
reference_id RHSA-2022:6344
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6344
25
reference_url https://access.redhat.com/errata/RHSA-2022:6430
reference_id RHSA-2022:6430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6430
26
reference_url https://access.redhat.com/errata/RHSA-2022:7129
reference_id RHSA-2022:7129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7129
27
reference_url https://access.redhat.com/errata/RHSA-2022:7398
reference_id RHSA-2022:7398
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7398
28
reference_url https://access.redhat.com/errata/RHSA-2022:7399
reference_id RHSA-2022:7399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7399
29
reference_url https://access.redhat.com/errata/RHSA-2022:7519
reference_id RHSA-2022:7519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7519
30
reference_url https://access.redhat.com/errata/RHSA-2022:7529
reference_id RHSA-2022:7529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7529
31
reference_url https://access.redhat.com/errata/RHSA-2022:7648
reference_id RHSA-2022:7648
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7648
32
reference_url https://access.redhat.com/errata/RHSA-2022:8057
reference_id RHSA-2022:8057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8057
33
reference_url https://access.redhat.com/errata/RHSA-2022:8098
reference_id RHSA-2022:8098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8098
34
reference_url https://access.redhat.com/errata/RHSA-2022:8250
reference_id RHSA-2022:8250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8250
35
reference_url https://access.redhat.com/errata/RHSA-2022:8626
reference_id RHSA-2022:8626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8626
36
reference_url https://access.redhat.com/errata/RHSA-2022:9047
reference_id RHSA-2022:9047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9047
37
reference_url https://access.redhat.com/errata/RHSA-2023:0407
reference_id RHSA-2023:0407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0407
38
reference_url https://access.redhat.com/errata/RHSA-2023:0408
reference_id RHSA-2023:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0408
39
reference_url https://access.redhat.com/errata/RHSA-2023:1042
reference_id RHSA-2023:1042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1042
40
reference_url https://access.redhat.com/errata/RHSA-2023:1275
reference_id RHSA-2023:1275
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1275
41
reference_url https://access.redhat.com/errata/RHSA-2023:1529
reference_id RHSA-2023:1529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1529
42
reference_url https://access.redhat.com/errata/RHSA-2023:2357
reference_id RHSA-2023:2357
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2357
43
reference_url https://access.redhat.com/errata/RHSA-2023:2758
reference_id RHSA-2023:2758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2758
44
reference_url https://access.redhat.com/errata/RHSA-2023:2802
reference_id RHSA-2023:2802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2802
45
reference_url https://access.redhat.com/errata/RHSA-2023:3642
reference_id RHSA-2023:3642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3642
46
reference_url https://usn.ubuntu.com/6038-1/
reference_id USN-6038-1
reference_type
scores
url https://usn.ubuntu.com/6038-1/
47
reference_url https://usn.ubuntu.com/6038-2/
reference_id USN-6038-2
reference_type
scores
url https://usn.ubuntu.com/6038-2/
fixed_packages
aliases CVE-2022-1705
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ps89-8u5a-kfc8
5
url VCID-y131-2ntq-hfdn
vulnerability_id VCID-y131-2ntq-hfdn
summary 
Ignition config accessible to unprivileged software on VMware
### Impact
Unprivileged software in VMware VMs, including software running in unprivileged containers, can retrieve an Ignition config stored in a hypervisor guestinfo variable or OVF environment.  If the Ignition config contains secrets, this can result in the compromise of sensitive information.

### Patches
Ignition 2.14.0 and later [adds](https://github.com/coreos/ignition/pull/1350) a new systemd service, `ignition-delete-config.service`, that deletes the Ignition config from supported hypervisors (currently VMware and VirtualBox) during the first boot.  This ensures that unprivileged software cannot retrieve the Ignition config from the hypervisor.

If you have external tooling that requires the Ignition config to remain accessible in VM metadata after provisioning, and your Ignition config does not include sensitive information, you can prevent Ignition 2.14.0 and later from deleting the config by masking `ignition-delete-config.service`.  For example:

```json
{
  "ignition": {
    "version": "3.0.0"
  },
  "systemd": {
    "units": [
      {
        "name": "ignition-delete-config.service",
        "mask": true
      }
    ]
  }
}
```

### Workarounds
[Avoid storing secrets](https://coreos.github.io/ignition/operator-notes/#secrets) in Ignition configs. In addition to VMware, many cloud platforms allow unprivileged software in a VM to retrieve the Ignition config from a networked cloud metadata service. While platform-specific mitigation is possible, such as firewall rules that prevent access to the metadata service, it's best to store secrets in a dedicated platform such as [Hashicorp Vault](https://www.vaultproject.io/).

### Advice to Linux distributions
Linux distributions that ship Ignition should ensure the new `ignition-delete-config.service` is installed and enabled by default.

In addition, we recommend shipping a service similar to `ignition-delete-config.service` that runs when existing machines are upgraded, similar to the one in https://github.com/coreos/fedora-coreos-config/pull/1738. Consider giving your users advance notice of this change, and providing instructions for masking `ignition-delete-config.service` on existing nodes if users have tooling that requires the Ignition config to remain accessible in VM metadata.

### References
For more information, see #1300 and #1350.

### For more information
If you have any questions or comments about this advisory, [open an issue in Ignition](https://github.com/coreos/ignition/issues/new/choose) or email the CoreOS [development mailing list](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1706.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1706.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1706
reference_id
reference_type
scores
0
value 0.00592
scoring_system epss
scoring_elements 0.69264
published_at 2026-04-21T12:55:00Z
1
value 0.00592
scoring_system epss
scoring_elements 0.69208
published_at 2026-04-04T12:55:00Z
2
value 0.00592
scoring_system epss
scoring_elements 0.69189
published_at 2026-04-07T12:55:00Z
3
value 0.00592
scoring_system epss
scoring_elements 0.69239
published_at 2026-04-08T12:55:00Z
4
value 0.00592
scoring_system epss
scoring_elements 0.69258
published_at 2026-04-09T12:55:00Z
5
value 0.00592
scoring_system epss
scoring_elements 0.6928
published_at 2026-04-11T12:55:00Z
6
value 0.00592
scoring_system epss
scoring_elements 0.69265
published_at 2026-04-12T12:55:00Z
7
value 0.00592
scoring_system epss
scoring_elements 0.69237
published_at 2026-04-13T12:55:00Z
8
value 0.00592
scoring_system epss
scoring_elements 0.69276
published_at 2026-04-16T12:55:00Z
9
value 0.00592
scoring_system epss
scoring_elements 0.69284
published_at 2026-04-18T12:55:00Z
10
value 0.00592
scoring_system epss
scoring_elements 0.69172
published_at 2026-04-01T12:55:00Z
11
value 0.00592
scoring_system epss
scoring_elements 0.69187
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1706
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/coreos/ignition
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/coreos/ignition
4
reference_url https://github.com/coreos/ignition/issues/1300
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/coreos/ignition/issues/1300
5
reference_url https://github.com/coreos/ignition/pull/1350
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/coreos/ignition/pull/1350
6
reference_url https://github.com/coreos/ignition/security/advisories/GHSA-hj57-j5cw-2mwp
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/coreos/ignition/security/advisories/GHSA-hj57-j5cw-2mwp
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014716
reference_id 1014716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014716
8
reference_url https://access.redhat.com/errata/RHSA-2022:5068
reference_id RHSA-2022:5068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5068
9
reference_url https://access.redhat.com/errata/RHSA-2022:8126
reference_id RHSA-2022:8126
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8126
fixed_packages
aliases CVE-2022-1706, GHSA-hj57-j5cw-2mwp
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y131-2ntq-hfdn
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ignition@2.14.0-3.rhaos4.11%3Farch=el8