Description
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| patriksimek | vm2 | affected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Multicluster Engine for Kubernetes | |||
| multicluster-engine-agent-service-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-apiserver-network-proxy-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-assisted-image-service-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-assisted-installer-agent-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-assisted-installer-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-assisted-installer-reporter-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-aws-encryption-provider-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-cluster-api-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-cluster-api-provider-agent-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-cluster-api-provider-aws-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-cluster-api-provider-azure-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-cluster-api-provider-kubevirt-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-clusterclaims-controller-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-cluster-curator-controller-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-clusterlifecycle-state-metrics-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-console-mce-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-discovery-operator-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-hive-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-hypershift-addon-operator-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-hypershift-deployment-controller-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-hypershift-operator-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-klusterlet-operator-bundle-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-managedcluster-import-controller-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-managed-serviceaccount-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-multicloud-manager-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-must-gather-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-operator-bundle-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-operator-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-placement-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-provider-credential-controller-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-registration-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-registration-operator-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-work-container | cpe:/a:redhat:multicluster_engine:2.0::el8 | RHSA-2023:3353 | 2023-05-30T00:00:00Z |
| multicluster-engine-agent-service-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-apiserver-network-proxy-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-assisted-image-service-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-assisted-installer-agent-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-assisted-installer-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-assisted-installer-reporter-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-aws-encryption-provider-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-api-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-api-provider-agent-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-api-provider-aws-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-api-provider-azure-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-api-provider-kubevirt-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-clusterclaims-controller-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-curator-controller-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-clusterlifecycle-state-metrics-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-proxy-addon-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-cluster-proxy-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-console-mce-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-discovery-operator-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-hive-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-hypershift-addon-operator-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-hypershift-deployment-controller-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-hypershift-operator-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-klusterlet-operator-bundle-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-managedcluster-import-controller-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-managed-serviceaccount-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-multicloud-manager-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-must-gather-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-operator-bundle-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-operator-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-placement-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-provider-credential-controller-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-registration-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-registration-operator-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster-engine-work-container | cpe:/a:redhat:multicluster_engine:2.1::el8 | RHSA-2023:3325 | 2023-05-25T00:00:00Z |
| multicluster engine for Kubernetes 2.2 for RHEL 8 | |||
| multicluster-engine/console-mce-rhel8:v2.2.4-4 | cpe:/a:redhat:multicluster_engine:2.2::el8 | RHSA-2023:3296 | 2023-05-24T00:00:00Z |
| multicluster-engine/multicluster-engine-console-mce-rhel8:v2.2.4-4 | cpe:/a:redhat:multicluster_engine:2.2::el8 | RHSA-2023:3296 | 2023-05-24T00:00:00Z |
| Red Hat Advanced Cluster Management for Kubernetes 2 | |||
| acm-cluster-proxy-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-governance-policy-addon-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-grafana-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-must-gather-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-operator-bundle-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-prometheus-config-reloader-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-prometheus-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-volsync-addon-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| cert-policy-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| cluster-backup-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| cluster-proxy-addon-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| config-policy-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| console-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| governance-policy-propagator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| governance-policy-status-sync-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| governance-policy-template-sync-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| iam-policy-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| insights-client-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| insights-metrics-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| klusterlet-addon-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| klusterlet-addon-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| kube-rbac-proxy-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| kube-state-metrics-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| management-ingress-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| memcached-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| memcached-exporter-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| metrics-collector-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multicloud-integrations-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multiclusterhub-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multiclusterhub-repo-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multicluster-observability-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multicluster-operators-application-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multicluster-operators-channel-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| node-exporter-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| observatorium-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| observatorium-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| prometheus-alertmanager-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| prometheus-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| rbac-query-proxy-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| redisgraph-tls-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| search-aggregator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| search-api-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| search-collector-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| search-operator-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| submariner-addon-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| thanos-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| thanos-receive-controller-container | cpe:/a:redhat:acm:2.5::el8 | RHSA-2023:3356 | 2023-05-30T00:00:00Z |
| acm-governance-policy-addon-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| acm-grafana-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| acm-must-gather-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| acm-operator-bundle-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| acm-prometheus-config-reloader-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| acm-prometheus-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| acm-volsync-addon-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| cert-policy-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| cluster-backup-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| config-policy-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| console-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| governance-policy-propagator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| governance-policy-status-sync-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| governance-policy-template-sync-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| iam-policy-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| insights-client-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| insights-metrics-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| klusterlet-addon-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| kube-rbac-proxy-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| kube-state-metrics-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| management-ingress-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| memcached-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| memcached-exporter-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| metrics-collector-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multicloud-integrations-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multiclusterhub-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multiclusterhub-repo-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multicluster-observability-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multicluster-operators-application-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multicluster-operators-channel-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| node-exporter-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| observatorium-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| observatorium-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| prometheus-alertmanager-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| prometheus-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| rbac-query-proxy-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| redisgraph-tls-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| search-aggregator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| search-api-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| search-collector-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| search-operator-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| submariner-addon-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| thanos-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| thanos-receive-controller-container | cpe:/a:redhat:acm:2.6::el8 | RHSA-2023:3326 | 2023-05-26T00:00:00Z |
| Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 | |||
| rhacm2/console-rhel8:v2.7.4-4 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2023:3297 | 2023-05-24T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-whpj-8f3w-67p5 | vm2 Sandbox Escape vulnerability |
References
History
Wed, 22 Jan 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sun, 08 Sep 2024 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:acm:2.5::el8 cpe:/a:redhat:acm:2.6::el8 cpe:/a:redhat:multicluster_engine:2.0::el8 cpe:/a:redhat:multicluster_engine:2.1::el8 |
Mon, 19 Aug 2024 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:acm:2.6::el8 cpe:/a:redhat:multicluster_engine:2.0::el8 cpe:/a:redhat:multicluster_engine:2.1::el8 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-01-22T21:42:31.793Z
Reserved: 2023-05-08T13:26:03.878Z
Link: CVE-2023-32314
Vulnrichment
Updated: 2024-08-02T15:10:24.942Z
NVD
Status : Modified
Published: 2023-05-15T20:15:09.177
Modified: 2024-11-21T08:03:05.643
Link: CVE-2023-32314
Redhat
OpenCVE Enrichment
No data.
Weaknesses