{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47907", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2025-05-13T23:31:29.597Z", "datePublished": "2025-08-07T15:25:30.704Z", "dateUpdated": "2025-08-07T15:48:03.634Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2025-08-07T15:25:30.704Z"}, "title": "Incorrect results returned from Rows.Scan in database/sql", "descriptions": [{"lang": "en", "value": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error."}], "affected": [{"vendor": "Go standard library", "product": "database/sql", "collectionURL": "https://pkg.go.dev", "packageName": "database/sql", "versions": [{"version": "0", "lessThan": "1.23.12", "status": "affected", "versionType": "semver"}, {"version": "1.24.0", "lessThan": "1.24.6", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "Rows.Scan"}, {"name": "Row.Scan"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "references": [{"url": "https://go.dev/cl/693735"}, {"url": "https://go.dev/issue/74831"}, {"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"}, {"url": "https://pkg.go.dev/vuln/GO-2025-3849"}], "credits": [{"lang": "en", "value": "Spike Curtis from Coder"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-07T15:45:26.297503Z", "id": "CVE-2025-47907", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T15:48:03.634Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-47907", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-07T15:45:26.297503Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T15:47:25.067Z"}}], "cna": {"title": "Incorrect results returned from Rows.Scan in database/sql", "credits": [{"lang": "en", "value": "Spike Curtis from Coder"}], "affected": [{"vendor": "Go standard library", "product": "database/sql", "versions": [{"status": "affected", "version": "0", "lessThan": "1.23.12", "versionType": "semver"}, {"status": "affected", "version": "1.24.0", "lessThan": "1.24.6", "versionType": "semver"}], "packageName": "database/sql", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "Rows.Scan"}, {"name": "Row.Scan"}]}], "references": [{"url": "https://go.dev/cl/693735"}, {"url": "https://go.dev/issue/74831"}, {"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"}, {"url": "https://pkg.go.dev/vuln/GO-2025-3849"}], "descriptions": [{"lang": "en", "value": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2025-08-07T15:25:30.704Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47907", "state": "PUBLISHED", "dateUpdated": "2025-08-07T15:48:03.634Z", "dateReserved": "2025-05-13T23:31:29.597Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2025-08-07T15:25:30.704Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error."}], "id": "CVE-2025-47907", "lastModified": "2025-08-07T21:26:37.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-07T16:15:30.357", "references": [{"source": "[email protected]", "url": "https://go.dev/cl/693735"}, {"source": "[email protected]", "url": "https://go.dev/issue/74831"}, {"source": "[email protected]", "url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"}, {"source": "[email protected]", "url": "https://pkg.go.dev/vuln/GO-2025-3849"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "database/sql: Postgres Scan Race Condition", "id": "2387083", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"}, "csaw": false, "details": ["Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application."], "name": "CVE-2025-47907", "package_state": [{"cpe": "cpe:/a:redhat:assisted_installer:2", "fix_state": "Under investigation", "package_name": "rhai/assisted-installer-agent-rhel9", "product_name": "Assisted Installer for Red Hat OpenShift Container Platform 2"}, {"cpe": "cpe:/a:redhat:assisted_installer:2", "fix_state": "Under investigation", "package_name": "rhai/assisted-installer-controller-rhel9", "product_name": "Assisted Installer for Red Hat OpenShift Container Platform 2"}, {"cpe": "cpe:/a:redhat:assisted_installer:2", "fix_state": "Under investigation", "package_name": "rhai/assisted-installer-rhel9", "product_name": "Assisted Installer for Red Hat OpenShift Container Platform 2"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-controller-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-git-cloner-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-image-bundler-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-image-processing-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-operator-bundle", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-rhel9-operator", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-shared-resource-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-shared-resource-webhook-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-waiters-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-webhook-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Under investigation", "package_name": "cert-manager/cert-manager-istio-csr-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Under investigation", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Under investigation", "package_name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Under investigation", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Under investigation", "package_name": "build-of-trustee/trustee-rhel9-operator", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Under investigation", "package_name": "confidential-compute-attestation-tech-preview/trustee-rhel9-operator", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Under investigation", "package_name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Under investigation", "package_name": "openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Under investigation", "package_name": "openshift-sandboxed-containers/osc-podvm-payload-rhel9", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Under investigation", "package_name": "openshift-sandboxed-containers/osc-rhel9-operator", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Under investigation", "package_name": "cryostat/cryostat-storage-rhel9", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:deployment_validator_operator", "fix_state": "Under investigation", "package_name": "dvo/deployment-validation-rhel8-operator", "product_name": "Deployment Validation Operator"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:0", "fix_state": "Under investigation", "package_name": "external-secrets-operator/external-secrets-rhel9", "product_name": "external secrets operator for Red Hat OpenShift - Tech Preview"}, {"cpe": "cpe:/a:redhat:workload_availability_fence_agents_remediation", "fix_state": "Under investigation", "package_name": "workload-availability/fence-agents-remediation-rhel8-operator", "product_name": "Fence Agents Remediation Operator"}, {"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1", "fix_state": "Under investigation", "package_name": "compliance/openshift-file-integrity-operator-bundle", "product_name": "File Integrity Operator"}, {"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1", "fix_state": "Under investigation", "package_name": "compliance/openshift-file-integrity-rhel8-operator", "product_name": "File Integrity Operator"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Under investigation", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Under investigation", "package_name": "gatekeeper/gatekeeper-rhel9-operator", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:kube_descheduler_operator:5", "fix_state": "Under investigation", "package_name": "kube-descheduler-operator/descheduler-rhel9", "product_name": "Kube Descheduler Operator"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/logging-loki-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/cluster-logging-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/eventrouter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/log-file-metric-exporter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/loki-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/lokistack-gateway-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/opa-openshift-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Under investigation", "package_name": "openshift-logging/vector-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Under investigation", "package_name": "lvms4/lvms-rhel9-operator", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:workload_availability_machine_deletion_remediation", "fix_state": "Under investigation", "package_name": "workload-availability/machine-deletion-remediation-rhel8-operator", "product_name": "Machine Deletion Remediation Operator"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Under investigation", "package_name": "mta/mta-hub-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Under investigation", "package_name": "migration-toolkit-virtualization/mtv-api-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Under investigation", "package_name": "openshift/mirror-registry-rhel8", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:multiarch_tuning_operator", "fix_state": "Under investigation", "package_name": "multiarch-tuning/multiarch-tuning-rhel9-operator", "product_name": "Multiarch Tuning Operator"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/assisted-installer-agent-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/assisted-installer-controller-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/assisted-installer-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/assisted-service-8-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/assisted-service-9-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/backplane-rhel9-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/cluster-api-provider-agent-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/cluster-api-provider-kubevirt-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/clusterclaims-controller-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/cluster-curator-controller-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/cluster-image-set-controller-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/discovery-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/hypershift-addon-rhel9-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/image-based-install-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/mce-capi-webhook-config-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/provider-credential-controller-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Under investigation", "package_name": "multicluster-globalhub/multicluster-globalhub-agent-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Under investigation", "package_name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Under investigation", "package_name": "multicluster-globalhub/multicluster-globalhub-manager-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Under investigation", "package_name": "multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Under investigation", "package_name": "multicluster-globalhub/multicluster-globalhub-rhel9-operator", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:network_bound_disk_encryption_tang:1", "fix_state": "Under investigation", "package_name": "nbde-tang-server/nbde-tang-server-rhel9-operator", "product_name": "NBDE Tang Server"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Under investigation", "package_name": "network-observability/network-observability-cli-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Under investigation", "package_name": "network-observability/network-observability-ebpf-agent-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Under investigation", "package_name": "network-observability/network-observability-flowlogs-pipeline-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Under investigation", "package_name": "network-observability/network-observability-rhel9-operator", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Under investigation", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Under investigation", "package_name": "container-native-virtualization/node-maintenance-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Under investigation", "package_name": "workload-availability/node-maintenance-rhel8-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Under investigation", "package_name": "oadp/oadp-velero-rhel9", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Under investigation", "package_name": "openshift-lightspeed/lightspeed-operator-bundle", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Under investigation", "package_name": "openshift-lightspeed/lightspeed-rhel9-operator", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Under investigation", "package_name": "openshift-lightspeed-tech-preview/lightspeed-operator-bundle", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Under investigation", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel9", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Under investigation", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Under investigation", "package_name": "kn-workflow-plugin", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Under investigation", "package_name": "openshift-golang-builder-container", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/istio-cni-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/istio-must-gather-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/istio-pilot-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/istio-proxyv2-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/istio-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/kiali-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:openshift_power_monitoring", "fix_state": "Under investigation", "package_name": "openshift-power-monitoring/kepler-rhel9", "product_name": "Power monitoring for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_power_monitoring", "fix_state": "Under investigation", "package_name": "openshift-power-monitoring/power-monitoring-rhel9-operator", "product_name": "Power monitoring for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-tech-preview/authorino-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "rhcl-1/authorino-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "flightctl", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-cli-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-cluster-permission-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-governance-policy-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-governance-policy-framework-addon-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-grafana-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-multicluster-observability-addon-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-prometheus-config-reloader-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-prometheus-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-search-indexer-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-search-v2-api-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-search-v2-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/acm-volsync-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cert-policy-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/cluster-backup-rhel9-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/config-policy-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/endpoint-monitoring-rhel9-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/governance-policy-propagator-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/grafana-dashboard-loader-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/insights-metrics-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/kube-state-metrics-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/memcached-exporter-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/metrics-collector-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicloud-integrations-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multiclusterhub-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-observability-rhel9-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-application-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-channel-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/multicluster-operators-subscription-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/node-exporter-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/observatorium-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/prometheus-alertmanager-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/prometheus-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/rbac-query-proxy-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/submariner-addon-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/thanos-receive-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/thanos-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/volsync-operator-bundle", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/volsync-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Under investigation", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Under investigation", "package_name": "receptor", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Under investigation", "package_name": "hawtio-operator-container", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Under investigation", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Under investigation", "package_name": "rhel9/grafana", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Under investigation", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Under investigation", "package_name": "rhel9/grafana", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:8", "fix_state": "Under investigation", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 8"}, {"cpe": "cpe:/a:redhat:ceph_storage:8", "fix_state": "Under investigation", "package_name": "rhel9/grafana", "product_name": "Red Hat Ceph Storage 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Under investigation", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:9::el9", "fix_state": "Under investigation", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification Program for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Under investigation", "package_name": "3scale-tech-preview/authorino-rhel9", "product_name": "Red Hat Connectivity Link 1"}, {"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Under investigation", "package_name": "rhcl-1/authorino-rhel9", "product_name": "Red Hat Connectivity Link 1"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Under investigation", "package_name": "rhdh-orchestrator-dev-preview-beta/controller-rhel9-operator", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Under investigation", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Under investigation", "package_name": "rhdh/rhdh-rhel9-operator", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "rhel10/bootc-image-builder", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "rhel10-eus/rhel-10.0-bootc-image-builder", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "go-toolset:rhel8/go-toolset", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "rhel9/bootc-image-builder", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "rhel9-eus/rhel-9.6-bootc-image-builder", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Under investigation", "package_name": "golang", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:insights-runtimes:1", "fix_state": "Under investigation", "package_name": "insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator", "product_name": "Red Hat Insights for Runtimes Operator"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-codeflare-operator-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-codeflare-operator-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-data-science-pipelines-operator-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-data-science-pipelines-operator-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-feast-operator-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-feature-server-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-kf-notebook-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-kf-notebook-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-kuberay-operator-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-kuberay-operator-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-kueue-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-kueue-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-api-server-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-api-server-v2-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-driver-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-driver-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-launcher-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-launcher-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-model-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-model-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-modelmesh-serving-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-modelmesh-serving-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-model-registry-operator-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-model-registry-operator-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-model-registry-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-notebook-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-notebook-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-rhel8-operator", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-rhel9-operator", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-training-operator-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-training-operator-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-trustyai-service-operator-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-trustyai-service-operator-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_cluster_manager_cli:1", "fix_state": "Under investigation", "package_name": "ocm-cli-clients/ocm-cli-rhel9", "product_name": "Red Hat OpenShift Cluster Manager CLI"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Under investigation", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/cephcsi-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/ocs-client-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/ocs-metrics-exporter-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/odf-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/odf-csi-addons-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/odf-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/odr-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Under investigation", "package_name": "odf4/rook-ceph-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Under investigation", "package_name": "devspaces/configbump-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Under investigation", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Under investigation", "package_name": "devspaces/devspaces-rhel9-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Under investigation", "package_name": "devspaces/imagepuller-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Under investigation", "package_name": "devspaces-tech-preview/jetbrains-ide-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Under investigation", "package_name": "devspaces/traefik-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:devworkspace", "fix_state": "Under investigation", "package_name": "devworkspace/devworkspace-project-clone-rhel9", "product_name": "Red Hat OpenShift Dev Workspaces Operator"}, {"cpe": "cpe:/a:redhat:devworkspace", "fix_state": "Under investigation", "package_name": "devworkspace/devworkspace-rhel9-operator", "product_name": "Red Hat OpenShift Dev Workspaces Operator"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/jaeger-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/jaeger-es-index-cleaner-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/jaeger-es-rollover-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/jaeger-ingester-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/jaeger-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/opentelemetry-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/opentelemetry-target-allocator-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/tempo-gateway-opa-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/tempo-gateway-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/tempo-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Under investigation", "package_name": "rhosdt/tempo-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Under investigation", "package_name": "openshift4-wincw/windows-machine-config-operator-bundle", "product_name": "Red Hat OpenShift for Windows Containers"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Under investigation", "package_name": "openshift4-wincw/windows-machine-config-rhel9-operator", "product_name": "Red Hat OpenShift for Windows Containers"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/argocd-agent-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/argocd-extensions-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/argocd-rhel9", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/dex-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/must-gather-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Under investigation", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Under investigation", "package_name": "openshift-sandboxed-containers/osc-monitor-rhel9", "product_name": "Red Hat Openshift Sandboxed Containers"}, {"cpe": "cpe:/a:redhat:openshift_update_service:5", "fix_state": "Under investigation", "package_name": "openshift-update-service/cincinnati-rhel8-operator", "product_name": "Red Hat OpenShift Update Service"}, {"cpe": "cpe:/a:redhat:openshift_update_service:5", "fix_state": "Under investigation", "package_name": "openshift-update-service/openshift-update-service-rhel8-operator", "product_name": "Red Hat OpenShift Update Service"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Under investigation", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/osp-director-agent", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Under investigation", "package_name": "rhoso-operators/ovn-rhel9-operator", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Under investigation", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Under investigation", "package_name": "rhtap-task-runner/rhtap-task-runner-rhel9", "product_name": "Red Hat Trusted Application Pipeline"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/certificate-transparency-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/createctconfig-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/createtree-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/ctlog-managectroots-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/fulcio-createcerts-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/rekor-backfill-redis-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/rekor-cli-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/rekor-server-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/rhtas-rhel9-operator", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/trillian-createdb-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/trillian-createtree-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/trillian-database-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/trillian-logserver-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/trillian-logsigner-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/tuf-server-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/updatetree-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Under investigation", "package_name": "web-terminal-tech-preview/web-terminal-rhel8-operator", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Under investigation", "package_name": "web-terminal/web-terminal-rhel8-operator", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Under investigation", "package_name": "web-terminal/web-terminal-rhel9-operator", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_snr:0", "fix_state": "Under investigation", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/spiffe-csi-driver-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/spiffe-helper-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/spiffe-spire-controller-manager-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/spiffe-spire-server-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Under investigation", "package_name": "zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}], "public_date": "2025-08-07T15:25:30Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-47907\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-47907\nhttps://go.dev/cl/693735\nhttps://go.dev/issue/74831\nhttps://groups.google.com/g/golang-announce/c/x5MKroML2yM\nhttps://pkg.go.dev/vuln/GO-2025-3849"], "threat_severity": "Important"}