Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-5404 (GCVE-0-2020-5404)
Vulnerability from cvelistv5 – Published: 2020-03-03 17:55 – Updated: 2024-09-17 01:02
VLAI?
EPSS
Title
Authentication Leak On Redirect With Reactor Netty HttpClient
Summary
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Severity ?
6.5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Reactor Netty |
Affected:
0.8 , < v0.8.16.RELEASE
(custom)
Affected: 0.9 , < v0.9.5.RELEASE (custom) |
Date Public ?
2020-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2020-5404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reactor Netty",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "v0.8.16.RELEASE",
"status": "affected",
"version": "0.8",
"versionType": "custom"
},
{
"lessThan": "v0.9.5.RELEASE",
"status": "affected",
"version": "0.9",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-03T17:55:13.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2020-5404"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Leak On Redirect With Reactor Netty HttpClient",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-02-27T00:00:00.000Z",
"ID": "CVE-2020-5404",
"STATE": "PUBLIC",
"TITLE": "Authentication Leak On Redirect With Reactor Netty HttpClient"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reactor Netty",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "0.8",
"version_value": "v0.8.16.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "0.9",
"version_value": "v0.9.5.RELEASE"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2020-5404",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2020-5404"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5404",
"datePublished": "2020-03-03T17:55:13.953Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:02:01.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.8.0\", \"versionEndIncluding\": \"0.8.15\", \"matchCriteriaId\": \"D17BE00C-FA7A-4024-AB15-5D12D1394CB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.9.0\", \"versionEndIncluding\": \"0.9.4\", \"matchCriteriaId\": \"F4298A26-4A66-4528-9A83-6C71739184CE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.\"}, {\"lang\": \"es\", \"value\": \"El HttpClient del Reactor Netty, versiones 0.9.x anteriores a 0.9.5, y versiones 0.8.x anteriores a 0.8.16, puede ser usado incorrectamente, conllevando a un filtrado de credenciales durante un redireccionamiento hacia un dominio diferente. A fin de que esto ocurra, el HttpClient debe haber sido configurado expl\\u00edcitamente para seguir los redireccionamientos.\"}]",
"id": "CVE-2020-5404",
"lastModified": "2024-11-21T05:34:04.980",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 4.2}], \"cvssMetricV30\": [{\"source\": \"security@pivotal.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 4.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:N\", \"baseScore\": 4.9, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-03-03T18:15:12.157",
"references": "[{\"url\": \"https://pivotal.io/security/cve-2020-5404\", \"source\": \"security@pivotal.io\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2020-5404\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@pivotal.io",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@pivotal.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-5404\",\"sourceIdentifier\":\"security@pivotal.io\",\"published\":\"2020-03-03T18:15:12.157\",\"lastModified\":\"2024-11-21T05:34:04.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.\"},{\"lang\":\"es\",\"value\":\"El HttpClient del Reactor Netty, versiones 0.9.x anteriores a 0.9.5, y versiones 0.8.x anteriores a 0.8.16, puede ser usado incorrectamente, conllevando a un filtrado de credenciales durante un redireccionamiento hacia un dominio diferente. A fin de que esto ocurra, el HttpClient debe haber sido configurado expl\u00edcitamente para seguir los redireccionamientos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":4.2}],\"cvssMetricV30\":[{\"source\":\"security@pivotal.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"baseScore\":4.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@pivotal.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.8.0\",\"versionEndIncluding\":\"0.8.15\",\"matchCriteriaId\":\"D17BE00C-FA7A-4024-AB15-5D12D1394CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9.0\",\"versionEndIncluding\":\"0.9.4\",\"matchCriteriaId\":\"F4298A26-4A66-4528-9A83-6C71739184CE\"}]}]}],\"references\":[{\"url\":\"https://pivotal.io/security/cve-2020-5404\",\"source\":\"security@pivotal.io\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2020-5404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GHSA-GPCH-H32J-GX6X
Vulnerability from github – Published: 2022-02-10 20:24 – Updated: 2021-07-08 14:31
VLAI?
Summary
Insufficiently Protected Credentials in Reactor Netty
Details
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Severity ?
5.9 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.projectreactor.netty:reactor-netty-http"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.9.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.projectreactor.netty:reactor-netty-http"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "0.8.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5404"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-22T20:23:58Z",
"nvd_published_at": "2020-03-03T18:15:00Z",
"severity": "MODERATE"
},
"details": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",
"id": "GHSA-gpch-h32j-gx6x",
"modified": "2021-07-08T14:31:41Z",
"published": "2022-02-10T20:24:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5404"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2020-5404"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insufficiently Protected Credentials in Reactor Netty"
}
FKIE_CVE-2020-5404
Vulnerability from fkie_nvd - Published: 2020-03-03 18:15 - Updated: 2024-11-21 05:34
Severity ?
Summary
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
References
| URL | Tags | ||
|---|---|---|---|
| security@pivotal.io | https://pivotal.io/security/cve-2020-5404 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2020-5404 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal | reactor_netty | * | |
| pivotal | reactor_netty | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D17BE00C-FA7A-4024-AB15-5D12D1394CB7",
"versionEndIncluding": "0.8.15",
"versionStartIncluding": "0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4298A26-4A66-4528-9A83-6C71739184CE",
"versionEndIncluding": "0.9.4",
"versionStartIncluding": "0.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects."
},
{
"lang": "es",
"value": "El HttpClient del Reactor Netty, versiones 0.9.x anteriores a 0.9.5, y versiones 0.8.x anteriores a 0.8.16, puede ser usado incorrectamente, conllevando a un filtrado de credenciales durante un redireccionamiento hacia un dominio diferente. A fin de que esto ocurra, el HttpClient debe haber sido configurado expl\u00edcitamente para seguir los redireccionamientos."
}
],
"id": "CVE-2020-5404",
"lastModified": "2024-11-21T05:34:04.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "security@pivotal.io",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-03T18:15:12.157",
"references": [
{
"source": "security@pivotal.io",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2020-5404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2020-5404"
}
],
"sourceIdentifier": "security@pivotal.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@pivotal.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2022:8761
Vulnerability from csaf_redhat - Published: 2022-12-14 13:17 - Updated: 2026-03-18 02:18Summary
Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2 update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat OpenShift Application Runtimes.
Details: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
5.9 (Medium)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
6.7 (Medium)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.
5.5 (Medium)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
References
Acknowledgments
Jordy Versmissen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Application Runtimes.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8761",
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.7.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.7.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.7/html/release_notes_for_spring_boot_2.7/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.7/html/release_notes_for_spring_boot_2.7/index"
},
{
"category": "external",
"summary": "1975160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975160"
},
{
"category": "external",
"summary": "2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "2039903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903"
},
{
"category": "external",
"summary": "2069414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"
},
{
"category": "external",
"summary": "2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8761.json"
}
],
"title": "Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2 update",
"tracking": {
"current_release_date": "2026-03-18T02:18:09+00:00",
"generator": {
"date": "2026-03-18T02:18:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2022:8761",
"initial_release_date": "2022-12-14T13:17:22+00:00",
"revision_history": [
{
"date": "2022-12-14T13:17:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-14T13:17:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:18:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only RHOAR",
"product": {
"name": "Text-Only RHOAR",
"product_id": "Text-Only RHOAR",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-5404",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2021-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1975160"
}
],
"notes": [
{
"category": "description",
"text": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "reactor-netty: specific redirect configuration allows for a credentials leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-5404"
},
{
"category": "external",
"summary": "RHBZ#1975160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5404"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "reactor-netty: specific redirect configuration allows for a credentials leak"
},
{
"acknowledgments": [
{
"names": [
"Jordy Versmissen"
]
}
],
"cve": "CVE-2021-4178",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034388"
}
],
"notes": [
{
"category": "description",
"text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes-client: Insecure deserialization in unmarshalYaml method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4178"
},
{
"category": "external",
"summary": "RHBZ#2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178"
}
],
"release_date": "2022-01-05T15:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes-client: Insecure deserialization in unmarshalYaml method"
},
{
"cve": "CVE-2021-22569",
"cwe": {
"id": "CWE-696",
"name": "Incorrect Behavior Order"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039903"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: potential DoS in the parsing procedure for binary data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-22569"
},
{
"category": "external",
"summary": "RHBZ#2039903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b",
"url": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67"
}
],
"release_date": "2022-01-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: potential DoS in the parsing procedure for binary data"
},
{
"cve": "CVE-2022-1259",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1259"
},
{
"category": "external",
"summary": "RHBZ#2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259"
}
],
"release_date": "2022-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-22950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2069414"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-expression: Denial of service via specially crafted SpEL expression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22950"
},
{
"category": "external",
"summary": "RHBZ#2069414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22950",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-expression: Denial of service via specially crafted SpEL expression"
}
]
}
RHSA-2022_8761
Vulnerability from csaf_redhat - Published: 2022-12-14 13:17 - Updated: 2024-11-22 20:14Summary
Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2 update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat OpenShift Application Runtimes.
Details: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
5.9 (Medium)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
6.7 (Medium)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.
5.5 (Medium)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2022:8761
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Jordy Versmissen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Application Runtimes.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8761",
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.7.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.7.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.7/html/release_notes_for_spring_boot_2.7/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.7/html/release_notes_for_spring_boot_2.7/index"
},
{
"category": "external",
"summary": "1975160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975160"
},
{
"category": "external",
"summary": "2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "2039903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903"
},
{
"category": "external",
"summary": "2069414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"
},
{
"category": "external",
"summary": "2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8761.json"
}
],
"title": "Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2 update",
"tracking": {
"current_release_date": "2024-11-22T20:14:24+00:00",
"generator": {
"date": "2024-11-22T20:14:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8761",
"initial_release_date": "2022-12-14T13:17:22+00:00",
"revision_history": [
{
"date": "2022-12-14T13:17:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-14T13:17:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T20:14:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only RHOAR",
"product": {
"name": "Text-Only RHOAR",
"product_id": "Text-Only RHOAR",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-5404",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2021-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1975160"
}
],
"notes": [
{
"category": "description",
"text": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "reactor-netty: specific redirect configuration allows for a credentials leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-5404"
},
{
"category": "external",
"summary": "RHBZ#1975160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5404"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "reactor-netty: specific redirect configuration allows for a credentials leak"
},
{
"acknowledgments": [
{
"names": [
"Jordy Versmissen"
]
}
],
"cve": "CVE-2021-4178",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034388"
}
],
"notes": [
{
"category": "description",
"text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes-client: Insecure deserialization in unmarshalYaml method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4178"
},
{
"category": "external",
"summary": "RHBZ#2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178"
}
],
"release_date": "2022-01-05T15:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes-client: Insecure deserialization in unmarshalYaml method"
},
{
"cve": "CVE-2021-22569",
"cwe": {
"id": "CWE-696",
"name": "Incorrect Behavior Order"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039903"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: potential DoS in the parsing procedure for binary data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-22569"
},
{
"category": "external",
"summary": "RHBZ#2039903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b",
"url": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67"
}
],
"release_date": "2022-01-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: potential DoS in the parsing procedure for binary data"
},
{
"cve": "CVE-2022-1259",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1259"
},
{
"category": "external",
"summary": "RHBZ#2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259"
}
],
"release_date": "2022-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-22950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2069414"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-expression: Denial of service via specially crafted SpEL expression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22950"
},
{
"category": "external",
"summary": "RHBZ#2069414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22950",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-14T13:17:22+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-expression: Denial of service via specially crafted SpEL expression"
}
]
}
GSD-2020-5404
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-5404",
"description": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",
"id": "GSD-2020-5404",
"references": [
"https://access.redhat.com/errata/RHSA-2022:8761"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-5404"
],
"details": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",
"id": "GSD-2020-5404",
"modified": "2023-12-13T01:22:03.539819Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-02-27T00:00:00.000Z",
"ID": "CVE-2020-5404",
"STATE": "PUBLIC",
"TITLE": "Authentication Leak On Redirect With Reactor Netty HttpClient"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reactor Netty",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_name": "0.8",
"version_value": "v0.8.16.RELEASE"
},
{
"affected": "\u003c",
"version_name": "0.9",
"version_value": "v0.9.5.RELEASE"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2020-5404",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2020-5404"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[0.8.0,0.8.16),[0.9.0,0.9.5)",
"affected_versions": "All versions starting from 0.8.0 before 0.8.16, all versions starting from 0.9.0 before 0.9.5",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-522",
"CWE-937"
],
"date": "2022-02-10",
"description": "The HttpClient from Reactor Netty,, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",
"fixed_versions": [
"0.9.5"
],
"identifier": "CVE-2020-5404",
"identifiers": [
"GHSA-gpch-h32j-gx6x",
"CVE-2020-5404"
],
"not_impacted": "All versions before 0.8.0, all versions starting from 0.8.16 before 0.9.0, all versions starting from 0.9.5",
"package_slug": "maven/io.projectreactor.netty/reactor-netty-http",
"pubdate": "2022-02-10",
"solution": "Upgrade to versions 0.9.5, 0.9.5 or above.",
"title": "Insufficiently Protected Credentials",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-5404",
"https://pivotal.io/security/cve-2020-5404",
"https://github.com/advisories/GHSA-gpch-h32j-gx6x"
],
"uuid": "6a56f332-d3b0-4424-b67b-ebef49bcc334"
},
{
"affected_range": "[0.8.0,0.8.15],[0.9.0,0.9.4]",
"affected_versions": "All versions starting from 0.8.0 up to 0.8.15, all versions starting from 0.9.0 up to 0.9.4",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-522",
"CWE-937"
],
"date": "2021-07-07",
"description": "The HttpClient from Reactor Netty may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the `HttpClient` must have been explicitly configured to follow redirects.",
"fixed_versions": [
"0.8.16.RELEASE",
"0.9.5.RELEASE"
],
"identifier": "CVE-2020-5404",
"identifiers": [
"CVE-2020-5404"
],
"not_impacted": "All versions before 0.8.0, all versions after 0.8.15 before 0.9.0, all versions after 0.9.4",
"package_slug": "maven/io.projectreactor.netty/reactor-netty",
"pubdate": "2020-03-03",
"solution": "Upgrade to versions 0.8.16.RELEASE, 0.9.5.RELEASE or above.",
"title": "Insufficiently Protected Credentials",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-5404",
"https://pivotal.io/security/cve-2020-5404"
],
"uuid": "c5516a4d-bcdd-40dc-8d77-ce9a1b7388c3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.8.15",
"versionStartIncluding": "0.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.4",
"versionStartIncluding": "0.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"ID": "CVE-2020-5404"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2020-5404",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2020-5404"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
},
"lastModifiedDate": "2021-07-07T14:15Z",
"publishedDate": "2020-03-03T18:15Z"
}
}
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…