CVE-2022-2880

medium

Published 2023-01-23 · Modified 2023-05-12

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

Moderate: git-lfs security and bug fix update

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2357.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2113814

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2107388

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2107386

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2107383

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2107374

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2107371

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2204.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2780.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2780

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0121.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2237778

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2237777

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2237776

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2237773

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2228743

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0121

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2167.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2125514

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-0328.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2784.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2131149

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2124669

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2784

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-0446.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2132867

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:0446

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2866.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2161274

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2866

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-3254.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2268854

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2268046

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2265513

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2132872

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2132868

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:3254

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:0328

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-2880

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-2880.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:0446

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0121

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2357

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2204

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2167

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:0328

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters Red Hat statement The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang’s Garbage Collector; OpenShift’s resource…

Description

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

Red Hat statement

The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang’s Garbage Collector; OpenShift’s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.

CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Errata / fixed releases

Product	Package	Advisory	Released
OADP-1.1-RHEL-8	`oadp/oadp-velero-rhel8:1.1.2-16`	RHSA-2023:1174	2023-03-09T00:00:00Z
OpenShift Custom Metrics Autoscaler 2	`custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143`	RHSA-2023:1042	2023-03-06T00:00:00Z
Openshift Serverless 1 on RHEL 8	`openshift-serverless-clients-0:1.6.1-1.el8`	RHSA-2023:0708	2023-02-09T00:00:00Z
OSSO-1.1-RHEL-8	`openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-26`	RHSA-2023:0584	2023-05-18T00:00:00Z
Red Hat Ceph Storage 6.1	`rhceph/rhceph-6-dashboard-rhel9:6-75`	RHSA-2023:3642	2023-06-15T00:00:00Z
Red Hat Developer Tools	`go-toolset-1.18-0:1.18.9-1.el7_9`	RHSA-2023:0445	2023-01-25T00:00:00Z
Red Hat Developer Tools	`go-toolset-1.18-golang-0:1.18.9-1.el7_9`	RHSA-2023:0445	2023-01-25T00:00:00Z
Red Hat Enterprise Linux 8	`go-toolset:rhel8-8070020230116141618.ded9a3e2`	RHSA-2023:0446	2023-01-25T00:00:00Z
Red Hat Enterprise Linux 8	`osbuild-composer-0:75-1.el8`	RHSA-2023:2780	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8	`weldr-client-0:35.9-2.el8`	RHSA-2023:2780	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8	`grafana-0:7.5.15-4.el8`	RHSA-2023:2784	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8	`git-lfs-0:3.2.0-2.el8`	RHSA-2023:2866	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8	`container-tools:4.0-8090020231207142256.d7b6f4b7`	RHSA-2024:0121	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8	`container-tools:rhel8-8100020240227110532.82888897`	RHSA-2024:2988	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8	`container-tools:rhel8-8100020240419145834.afee755d`	RHSA-2024:3254	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 9	`golang-0:1.18.9-1.el9_1`	RHSA-2023:0328	2023-01-23T00:00:00Z
Red Hat Enterprise Linux 9	`grafana-0:9.0.9-2.el9`	RHSA-2023:2167	2023-05-09T00:00:00Z
Red Hat Enterprise Linux 9	`osbuild-composer-0:76-2.el9_2`	RHSA-2023:2204	2023-05-09T00:00:00Z
Red Hat Enterprise Linux 9	`weldr-client-0:35.9-1.el9`	RHSA-2023:2204	2023-05-09T00:00:00Z
Red Hat Enterprise Linux 9	`git-lfs-0:3.2.0-1.el9`	RHSA-2023:2357	2023-05-09T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7	`rhmtc/openshift-velero-plugin-rhel8:v1.7.7-3`	RHSA-2023:0693	2023-02-09T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/cloud-network-config-controller-rhel8:v4.11.0-202211072116.p0.gfc460d3.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/egress-router-cni-rhel8:v4.11.0-202211072116.p0.gfccaf1d.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/network-tools-rhel8:v4.11.0-202211072116.p0.g4e87286.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/oc-mirror-plugin-rhel8:v4.11.0-202211072116.p0.g3c1c80c.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202211072116.p0.g0f52647.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202211072116.p0.g9a6e300.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202211072116.p0.gb17b06b.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202211072116.p0.g9a6e300.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202211072116.p0.g0daf34f.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202211072116.p0.g8dd7ae6.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202211072116.p0.gf70a51b.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202211072116.p0.g4145108.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202211072116.p0.g61e198c.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202211072116.p0.gea1a9b2.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202211072116.p0.gb3fe15b.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202211072116.p0.g550e22c.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202211072116.p0.g2c7529e.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202211072116.p0.ga085f1c.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202211072116.p0.g6bf2e33.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202211072116.p0.g6bf2e33.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202211072116.p0.ga851a35.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202211072116.p0.g2757f09.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202211072116.p0.gca54bcb.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202211072116.p0.g4ddaca2.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202211072116.p0.g67c3831.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-baremetal-installer-rhel8:v4.11.0-202211072116.p0.ge1f3399.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-baremetal-machine-controllers:v4.11.0-202211072116.p0.g3cbef7f.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-baremetal-rhel8-operator:v4.11.0-202211072116.p0.g3122fab.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202211072116.p0.gea6a949.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cli:v4.11.0-202211072116.p0.g142cb44.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cli-artifacts:v4.11.0-202211072116.p0.g142cb44.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cloud-credential-operator:v4.11.0-202211072116.p0.ga36704a.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-api-rhel8:v4.11.0-202211072116.p0.gf9c215c.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-authentication-operator:v4.11.0-202211072116.p0.ge2bcbaa.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-autoscaler:v4.11.0-202211072116.p0.ga25f930.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-autoscaler-operator:v4.11.0-202211072116.p0.gfcffbcd.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202211072116.p0.g2c270a5.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-bootstrap:v4.11.0-202211072116.p0.gf22d1c6.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z
Red Hat OpenShift Container Platform 4.11	`openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202211072116.p0.g06d77ef.assembly.stream`	RHSA-2022:8535	2022-11-24T00:00:00Z

Package state

Product	Package	State
cert-manager Operator for Red Hat OpenShift	`cert-manager/cert-manager-operator-rhel9`	Will not fix
Migration Toolkit for Virtualization	`migration-toolkit-virtualization/mtv-controller-rhel9`	Affected
Node HealthCheck Operator	`workload-availability/node-healthcheck-rhel8-operator`	Affected
Node Maintenance Operator	`workload-availability/node-maintenance-rhel8-operator`	Affected
OpenShift Developer Tools and Services	`helm`	Affected
OpenShift Developer Tools and Services	`ocp-tools-4/jenkins-rhel8`	Affected
OpenShift Developer Tools and Services	`odo`	Affected
OpenShift Pipelines	`openshift-pipelines-client`	Will not fix
Red Hat 3scale API Management Platform 2	`3scale-operator-container`	Affected
Red Hat Advanced Cluster Management for Kubernetes 2	`rhacm2/subctl-rhel9`	Affected
Red Hat Advanced Cluster Security 3	`advanced-cluster-security/rhacs-main-rhel8`	Affected
Red Hat AMQ Broker 7	`amq-broker-rhel8-operator-container`	Affected
Red Hat Ansible Automation Platform 2	`openshift-clients`	Affected
Red Hat Ansible Automation Platform 2	`receptor`	Affected
Red Hat Application Interconnect 1.0	`skupper-cli`	Affected
Red Hat Ceph Storage 3	`golang`	Out of support scope
Red Hat Ceph Storage 5	`rhceph/rhceph-5-dashboard-rhel8`	Affected
Red Hat Enterprise Linux 8	`container-tools:3.0/buildah`	Will not fix
Red Hat Enterprise Linux 8	`container-tools:3.0/podman`	Affected
Red Hat Enterprise Linux 8	`container-tools:3.0/skopeo`	Affected
Red Hat Enterprise Linux 8	`grafana-pcp`	Not affected
Red Hat Enterprise Linux 9	`buildah`	Will not fix
Red Hat Enterprise Linux 9	`conmon`	Not affected
Red Hat Enterprise Linux 9	`grafana-pcp`	Not affected
Red Hat Enterprise Linux 9	`ignition`	Will not fix
Red Hat Enterprise Linux 9	`podman`	Will not fix
Red Hat Enterprise Linux 9	`skopeo`	Will not fix
Red Hat OpenShift Container Platform 4	`cri-o`	Not affected
Red Hat OpenShift Container Platform 4	`cri-tools`	Not affected
Red Hat OpenShift Container Platform 4	`openshift`	Not affected
Red Hat OpenShift Container Platform 4	`openshift-golang-builder-container`	Affected
Red Hat Openshift Data Foundation 4	`mcg`	Affected
Red Hat OpenShift Dev Spaces	`devspaces/devspaces-rhel8-operator`	Will not fix
Red Hat OpenShift distributed tracing 2	`rhosdt/jaeger-agent-rhel8`	Not affected
Red Hat OpenShift GitOps	`openshift-gitops-1/gitops-rhel8`	Affected
Red Hat OpenShift GitOps	`openshift-gitops-kam`	Affected
Red Hat OpenShift on AWS	`rosa`	Affected
Red Hat Quay 3	`quay/clair-rhel8`	Affected
Red Hat Storage 3	`golang`	Out of support scope
Red Hat Storage 3	`go-toolset-7-golang`	Out of support scope
Red Hat Storage 3	`heketi`	Out of support scope
Red Hat Web Terminal	`web-terminal-exec-container`	Affected
Self Node Remediation Operator	`workload-availability/self-node-remediation-rhel8-operator`	Affected

Apply commands

bash fix

Apply RHSA-2023:1174 for OADP-1.1-RHEL-8

yum update -y oadp/oadp-velero-rhel8:1
# or:
dnf upgrade -y oadp/oadp-velero-rhel8:1

Affected

Vendor	Product	Version
redhat	Migration Toolkit for Virtualization	`Affected`
redhat	Node HealthCheck Operator	`Affected`
redhat	Node Maintenance Operator	`Affected`
redhat	OpenShift Developer Tools and Services	`Affected`
redhat	OpenShift Developer Tools and Services	`Affected`
redhat	OpenShift Developer Tools and Services	`Affected`
redhat	Red Hat 3scale API Management Platform 2	`Affected`
redhat	Red Hat Advanced Cluster Management for Kubernetes 2	`Affected`
redhat	Red Hat Advanced Cluster Security 3	`Affected`
redhat	Red Hat AMQ Broker 7	`Affected`
redhat	Red Hat Ansible Automation Platform 2	`Affected`
redhat	Red Hat Ansible Automation Platform 2	`Affected`
redhat	Red Hat Application Interconnect 1.0	`Affected`
redhat	Red Hat Ceph Storage 5	`Affected`
redhat	Red Hat Enterprise Linux 8	`Affected`
redhat	Red Hat Enterprise Linux 8	`Affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat OpenShift Container Platform 4	`Not affected`
redhat	Red Hat OpenShift Container Platform 4	`Not affected`
redhat	Red Hat OpenShift Container Platform 4	`Not affected`
redhat	Red Hat OpenShift Container Platform 4	`Affected`
redhat	Red Hat Openshift Data Foundation 4	`Affected`
redhat	Red Hat OpenShift distributed tracing 2	`Not affected`
redhat	Red Hat OpenShift GitOps	`Affected`
redhat	Red Hat OpenShift GitOps	`Affected`
redhat	Red Hat OpenShift on AWS	`Affected`
redhat	Red Hat Quay 3	`Affected`
redhat	Red Hat Web Terminal	`Affected`

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
sles		affected
debian	bullseye	affected
debian	bookworm	fixed	`1.19.2-1`
rocky	9	fixed

Package impact

Ecosystem	Package	Vulnerable	Fixed
Go	stdlib	`>=1.19.0-0,<1.19.2`	`1.18.7`

References

Verify integrity in audit chain (admin only). AS-IS.