Bug 2050897

Summary: CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Sage McTaggart <amctagga>
Component: Multi-Cloud Object GatewayAssignee: Liran Mauda <lmauda>
Status: CLOSED ERRATA QA Contact: Elad <ebenahar>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.9CC: bniver, etamir, lmauda, mmuench, muagarwa, ocs-bugs, odf-bz-bot, sostapov, tmuthami
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ODF 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 4.11.0-89 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-24 13:48:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2044591    
Deadline: 2022-07-15   

Description Sage McTaggart 2022-02-04 21:37:51 UTC 
openshift-container-storage-4 tracking bug for noobaa-operator-container: see the bugs linked in the "Blocks" field of this bug for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the blocked bugs.

Impact: Low.
Public Date: 16-Jan-2022
PM Fix/Wontfix Decision By: Per SLA
Resolve Bug By: Per SLA

In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.

Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB
Comment 12 errata-xmlrpc 2022-08-24 13:48:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6156