Description of problem: CVE-2023-2253 is reported in "github.com/docker/distribution v0.0.0-20191216044856-a8371794149d". This level is bundled with OSE package 4.12 through OPM. The fix is provided in 4.13 through errata: https://access.redhat.com/errata/RHSA-2023:4091 Looking for the timeline for when it will be ported back to 4.12.
I think this should likely be filed against OpenShift unless there is something that I am missing that relates to OpenStack.
It is not fixed in the OSE 4.12. Reported at: CVE-2023-2253 go github.com/docker/distribution v0.0.0-20191216044856-a8371794149d Fixed in: fixed in 2.8.0 github.com/docker/distribution v0.0.0-20191216044856-a8371794149d Fixed in : fixed in 2.8.2-beta.1 go
This issue needs to be filed with OpenShift at https://issues.redhat.com/projects/OCPBUGS/issues instead of OpenStack. Closing this as not a bug.