{"id":"RHSA-2022:4711","summary":"Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update","modified":"2026-04-02T10:02:21Z","published":"2024-09-16T06:52:10Z","upstream":["CVE-2021-23425","CVE-2021-33502","CVE-2021-3807","CVE-2021-41182","CVE-2021-41183","CVE-2021-41184"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:4711"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=655153"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=977778"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1624015"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1648985"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667517"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687845"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1781241"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1782056"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849169"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1878930"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922977"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926625"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1927985"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944290"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944834"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956295"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1959186"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964208"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964461"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1971622"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974741"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979441"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979797"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980192"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986726"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986834"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1987121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988496"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1990462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991240"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995793"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1996123"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1998255"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999698"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2000031"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002283"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003883"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003996"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006602"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007384"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007557"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008798"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010203"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010903"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013928"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014888"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015796"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019144"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019148"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019153"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023250"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023786"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024202"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2025936"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030596"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030663"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031027"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2035051"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037115"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040361"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040402"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040474"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041544"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043146"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044273"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2048546"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050566"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050614"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2051857"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052557"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052690"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054756"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055136"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056021"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056052"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056126"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2058264"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2059521"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2059877"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061904"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2065052"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2066084"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2066283"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2069972"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2070156"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071468"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072637"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072639"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072641"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072642"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072645"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072646"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2075352"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4711.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3807"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-3807"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807"},{"type":"ARTICLE","url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-23425"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-23425"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23425"},{"type":"ARTICLE","url":"https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-33502"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-33502"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33502"},{"type":"ARTICLE","url":"https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-41182"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-41182"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41182"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-41183"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-41183"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41183"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-41184"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-41184"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41184"}],"affected":[{"package":{"name":"ovirt-engine-ui-extensions","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-ui-extensions"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.3-1.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-web-ui","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-web-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.8.1-2.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-backend","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-backend"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-dbscripts","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-dbscripts"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-health-check-bundler","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-health-check-bundler"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-restapi","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-restapi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-base","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-plugin-cinderlib","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-plugin-imageio","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-plugin-ovirt-engine","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-plugin-ovirt-engine-common","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-plugin-vmconsole-proxy-helper","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-setup-plugin-websocket-proxy","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-tools","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-tools-backup","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-tools-backup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-vmconsole-proxy-helper","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-webadmin-portal","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-webadmin-portal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"ovirt-engine-websocket-proxy","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-engine-websocket-proxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"python3-ovirt-engine-lib","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/python3-ovirt-engine-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}},{"package":{"name":"rhvm","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/rhvm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.0.7-0.9.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:4711.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}