VDB

RHSA-2023%3A1392

RHSA-2023%3A1392 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-machine-api-operator@sha256:48915b47295a8ccf9db38d652ff26fa4e4838e84212445afba9787f447f51c39_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-machine-api-operator@sha256:48915b47295a8ccf9db38d652ff26fa4e4838e84212445afba9787f447f51c39_s390x, openshift4/ose-machine-api-operator@sha256:48915b47295a8ccf9db38d652ff26fa4e4838e84212445afba9787f447f51c39_s390x, *
Red Hatopenshift4/network-tools-rhel8@sha256:5719b062468c0707e7ac8ef58786e5f7b8797ffb437ae8b6c4c3f3895b6e8c71_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/network-tools-rhel8@sha256:5719b062468c0707e7ac8ef58786e5f7b8797ffb437ae8b6c4c3f3895b6e8c71_arm64, openshift4/network-tools-rhel8@sha256:5719b062468c0707e7ac8ef58786e5f7b8797ffb437ae8b6c4c3f3895b6e8c71_arm64, openshift4/network-tools-rhel8@sha256:5719b062468c0707e7ac8ef58786e5f7b8797ffb437ae8b6c4c3f3895b6e8c71_arm64
Red Hatopenshift4/ose-cluster-network-operator@sha256:4767b572d3ea00dcc3c00124cc9aa5d64f7a3b168bfe168c49a52c3f587f0e2b_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-cluster-network-operator@sha256:4767b572d3ea00dcc3c00124cc9aa5d64f7a3b168bfe168c49a52c3f587f0e2b_amd64, openshift4/ose-cluster-network-operator@sha256:4767b572d3ea00dcc3c00124cc9aa5d64f7a3b168bfe168c49a52c3f587f0e2b_amd64, *
Red Hatopenshift4/ose-cluster-node-tuning-operator@sha256:ce6465a2085fbe473eda311adab8c013d257bf4919227e2f7d4f79616e022193_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-cluster-node-tuning-operator@sha256:ce6465a2085fbe473eda311adab8c013d257bf4919227e2f7d4f79616e022193_ppc64le, openshift4/ose-cluster-node-tuning-operator@sha256:ce6465a2085fbe473eda311adab8c013d257bf4919227e2f7d4f79616e022193_ppc64le, openshift4/ose-cluster-node-tuning-operator@sha256:ce6465a2085fbe473eda311adab8c013d257bf4919227e2f7d4f79616e022193_ppc64le
Red Hatopenshift4/ose-pod@sha256:52ae0dd40e950b8e494b93bd0a8a292853599ab477113184cc8ad5e5b75720c1_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-pod@sha256:52ae0dd40e950b8e494b93bd0a8a292853599ab477113184cc8ad5e5b75720c1_amd64, *, openshift4/ose-pod@sha256:52ae0dd40e950b8e494b93bd0a8a292853599ab477113184cc8ad5e5b75720c1_amd64
Red Hatopenshift4/ose-cluster-etcd-rhel8-operator@sha256:97aa85f55d12b725ae8a08309139e61de7cd75b9594789ea321e1ba431ecada1_amd64 as a component of Red Hat OpenShift Container Platform 4.10*, *, openshift4/ose-cluster-etcd-rhel8-operator@sha256:97aa85f55d12b725ae8a08309139e61de7cd75b9594789ea321e1ba431ecada1_amd64
Red Hatopenshift4/ose-tests@sha256:f7effff753a39a1f41a23f7aff1f7fbc87516430414f314262e5f653aa181bb2_s390x as a component of Red Hat OpenShift Container Platform 4.10*, *, *
Red Hatopenshift4/ose-ironic-rhel8@sha256:df72412d253db2f5ca9cf4ba48ecbfd61bf8f581d818afb40953b959966ea907_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-ironic-rhel8@sha256:df72412d253db2f5ca9cf4ba48ecbfd61bf8f581d818afb40953b959966ea907_amd64, *, *
Red Hatopenshift4/network-tools-rhel8@sha256:a8240b03b675877e4fc745591dea05975f24ec0611c713595c033093d199cb97_s390x as a component of Red Hat OpenShift Container Platform 4.10*, *, *
Red Hatopenshift4/ose-tests@sha256:c80e8dce24dda2f1c4b4a6c87d8e911252b9385cee66fa7058562df1f6ad38e9_arm64 as a component of Red Hat OpenShift Container Platform 4.10*, *, openshift4/ose-tests@sha256:c80e8dce24dda2f1c4b4a6c87d8e911252b9385cee66fa7058562df1f6ad38e9_arm64
Red Hatopenshift4/ose-machine-api-operator@sha256:0af1ad3e3f47378d8a0b18cb4c02876f458aea0b6592eef1d8803c07d9e02157_amd64 as a component of Red Hat OpenShift Container Platform 4.10*, *, openshift4/ose-machine-api-operator@sha256:0af1ad3e3f47378d8a0b18cb4c02876f458aea0b6592eef1d8803c07d9e02157_amd64
Red Hatopenshift4/ose-pod@sha256:60d5b3c859daf8e0f155c7780eb68668091779ad18dd1624f404a7083ae57a30_ppc64le as a component of Red Hat OpenShift Container Platform 4.10*, *, openshift4/ose-pod@sha256:60d5b3c859daf8e0f155c7780eb68668091779ad18dd1624f404a7083ae57a30_ppc64le
Red Hatopenshift4/ose-jenkins-agent-maven@sha256:aebcc5cb4489a1978bde82670ace9052bc5523e9a1fb77908128f8cbd9ffdfc9_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-jenkins-agent-maven@sha256:aebcc5cb4489a1978bde82670ace9052bc5523e9a1fb77908128f8cbd9ffdfc9_amd64, *, openshift4/ose-jenkins-agent-maven@sha256:aebcc5cb4489a1978bde82670ace9052bc5523e9a1fb77908128f8cbd9ffdfc9_amd64
Red Hatopenshift4/ose-hyperkube@sha256:e0fb1d61fc7946b099b85110f4f154d5efcba100ffe4de6e5b65abfefb35c846_ppc64le as a component of Red Hat OpenShift Container Platform 4.10*, *, *
Red Hatopenshift4/ose-ovn-kubernetes@sha256:8988731d7635db12c1141dccddc36e0b5c73ed735ab0486cda642b2116311508_arm64 as a component of Red Hat OpenShift Container Platform 4.10*, *, openshift4/ose-ovn-kubernetes@sha256:8988731d7635db12c1141dccddc36e0b5c73ed735ab0486cda642b2116311508_arm64
Red Hatopenshift4/ose-cluster-kube-scheduler-operator@sha256:4558f01509aece26d7060b037ff7658c49707c26f27f11a630581e06fa792bb0_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-cluster-kube-scheduler-operator@sha256:4558f01509aece26d7060b037ff7658c49707c26f27f11a630581e06fa792bb0_amd64, *, openshift4/ose-cluster-kube-scheduler-operator@sha256:4558f01509aece26d7060b037ff7658c49707c26f27f11a630581e06fa792bb0_amd64
Red Hatopenshift4/ose-cluster-network-operator@sha256:28283b9bf70eeeac07ab3b88d233d7725411515d21056a828ff066b7d2d8d0dc_arm64 as a component of Red Hat OpenShift Container Platform 4.10*, *, openshift4/ose-cluster-network-operator@sha256:28283b9bf70eeeac07ab3b88d233d7725411515d21056a828ff066b7d2d8d0dc_arm64
Red Hatopenshift4/ose-multus-cni@sha256:bea80a9886c59d60d7c7b93457ecabe560459cafeba303a842b22a37cd6988f5_s390x as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-multus-cni@sha256:bea80a9886c59d60d7c7b93457ecabe560459cafeba303a842b22a37cd6988f5_s390x, openshift4/ose-multus-cni@sha256:bea80a9886c59d60d7c7b93457ecabe560459cafeba303a842b22a37cd6988f5_s390x, *
Red Hatopenshift4/ose-ovn-kubernetes@sha256:8988731d7635db12c1141dccddc36e0b5c73ed735ab0486cda642b2116311508_arm64 as a component of Red Hat OpenShift Container Platform 4.10*, openshift4/ose-ovn-kubernetes@sha256:8988731d7635db12c1141dccddc36e0b5c73ed735ab0486cda642b2116311508_arm64, *
Red Hatopenshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:ef2247eefac5d4365dd70396d6fd093754475cb1523c4fe6620d46c8c2f2b48c_arm64 as a component of Red Hat OpenShift Container Platform 4.10*, openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:ef2247eefac5d4365dd70396d6fd093754475cb1523c4fe6620d46c8c2f2b48c_arm64, openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:ef2247eefac5d4365dd70396d6fd093754475cb1523c4fe6620d46c8c2f2b48c_arm64

…and 184 more

Timeline

  • Mar 29, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jun 23, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›