https://bugzilla.redhat.com/show_bug.cgi?id=1798509
--- Comment #15 from Cedric Buissart 🐶 <cbuissar(a)redhat.com> ---
Statement:
OpenShift Container Platform ships a vulnerable netty library as part of the
logging-elasticsearch5 container. ElasticSearch's security team has stated that
the previous vulnerability, CVE-2019-16869, does not pose a substantial
practical threat to ElasticSearch 6 [1]. We agree that both these
vulnerabilities would be difficult to exploit on OpenShift Container
Platform, so we're reducing the impact of this issue to moderate and may fix it
in a future release.
Red Hat Satellite ships a vulnerable version of netty embedded in Candlepin.
However, the flaw cannot be triggered in that context, because HTTP requests
are handled by Tomcat, not by netty. A future release may fix this.
[1] https://github.com/elastic/elasticsearch/issues/49396