Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-2976 (GCVE-0-2023-2976)
Vulnerability from cvelistv5 – Published: 2023-06-14 17:36 – Updated: 2026-02-25 16:57
VLAI
EPSS
Title
Use of temporary directory for file creation in `FileBackedOutputStream` in Guava
Summary
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Creation of Temporary File With Insecure Permissions
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:58.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/google/guava/issues/2575"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T04:00:21.821629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:57:59.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guava",
"vendor": "Google",
"versions": [
{
"lessThan": "32.0.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\u003c/p\u003e\u003cp\u003eEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\u003c/p\u003e"
}
],
"value": "Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Creation of Temporary File With Insecure Permissions",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:05:56.194Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/guava/issues/2575"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0008/"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use of temporary directory for file creation in `FileBackedOutputStream` in Guava",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-2976",
"datePublished": "2023-06-14T17:36:40.640Z",
"dateReserved": "2023-05-30T13:15:41.560Z",
"dateUpdated": "2026-02-25T16:57:59.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-2976",
"date": "2026-06-12",
"epss": "0.00065",
"percentile": "0.20577"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"32.0.0\", \"matchCriteriaId\": \"F0FA9B26-6D87-4FE1-B719-EC4770B5418D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\\n\\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\\n\\n\"}]",
"id": "CVE-2023-2976",
"lastModified": "2024-11-21T07:59:40.830",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}]}",
"published": "2023-06-14T18:15:09.513",
"references": "[{\"url\": \"https://github.com/google/guava/issues/2575\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0008/\", \"source\": \"cve-coordination@google.com\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html\", \"source\": \"cve-coordination@google.com\"}, {\"url\": \"https://github.com/google/guava/issues/2575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-2976\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2023-06-14T18:15:09.513\",\"lastModified\":\"2026-02-25T18:16:59.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\\n\\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"32.0.0\",\"matchCriteriaId\":\"F0FA9B26-6D87-4FE1-B719-EC4770B5418D\"}]}]}],\"references\":[{\"url\":\"https://github.com/google/guava/issues/2575\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230818-0008/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://github.com/google/guava/issues/2575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230818-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/google/guava/issues/2575\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241108-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:47:58.120Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-2976\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-18T04:00:21.821629Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552 Files or Directories Accessible to External Parties\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T16:57:27.189Z\"}}], \"cna\": {\"title\": \"Use of temporary directory for file creation in `FileBackedOutputStream` in Guava\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-212\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-212 Functionality Misuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Google\", \"product\": \"Guava\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"32.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/google/guava/issues/2575\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0008/\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\\n\\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUse of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\u003c/p\u003e\u003cp\u003eEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Creation of Temporary File With Insecure Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2024-02-13T19:05:56.194Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-2976\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T16:57:59.928Z\", \"dateReserved\": \"2023-05-30T13:15:41.560Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2023-06-14T17:36:40.640Z\", \"assignerShortName\": \"Google\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2024:0799
Vulnerability from csaf_redhat - Published: 2024-02-13 16:55 - Updated: 2026-05-17 02:00Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8
Severity
Important
Notes
Topic: New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)3-44483)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
7.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
47 references
Acknowledgments
https://security.lauritz-holtmann.de/
Lauritz Holtmann
Pontus.Hanssen@omegapoint.se
Pontus Hanssen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)3-44483)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0799",
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0799.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8",
"tracking": {
"current_release_date": "2026-05-17T02:00:35+00:00",
"generator": {
"date": "2026-05-17T02:00:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:0799",
"initial_release_date": "2024-02-13T16:55:12+00:00",
"revision_history": [
{
"date": "2024-02-13T16:55:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T16:55:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-17T02:00:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"product": {
"name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"product": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el8sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el8sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el8sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"relates_to_product_reference": "8Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src"
},
"product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"relates_to_product_reference": "8Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
"product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"relates_to_product_reference": "8Base-RHSSO-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "https://security.lauritz-holtmann.de/"
}
],
"cve": "CVE-2023-6134",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249673"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6134"
},
{
"category": "external",
"summary": "RHBZ#2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
}
],
"release_date": "2023-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
},
{
"cve": "CVE-2023-6291",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: redirect_uri validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6291"
},
{
"category": "external",
"summary": "RHBZ#2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: redirect_uri validation bypass"
},
{
"cve": "CVE-2023-6484",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248423"
}
],
"notes": [
{
"category": "description",
"text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Log Injection during WebAuthn authentication or registration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6484"
},
{
"category": "external",
"summary": "RHBZ#2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Log Injection during WebAuthn authentication or registration"
},
{
"acknowledgments": [
{
"names": [
"Pontus Hanssen"
],
"organization": "Pontus.Hanssen@omegapoint.se"
}
],
"cve": "CVE-2023-6927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-12-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2255027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6927"
},
{
"category": "external",
"summary": "RHBZ#2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-44483",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246070"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "santuario: Private Key disclosure in debug-log output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44483"
},
{
"category": "external",
"summary": "RHBZ#2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
}
],
"release_date": "2023-10-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch",
"8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src",
"8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "santuario: Private Key disclosure in debug-log output"
}
]
}
RHSA-2024:0800
Vulnerability from csaf_redhat - Published: 2024-02-13 16:55 - Updated: 2026-05-17 02:00Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 9
Severity
Important
Notes
Topic: New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
7.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
47 references
Acknowledgments
https://security.lauritz-holtmann.de/
Lauritz Holtmann
Pontus.Hanssen@omegapoint.se
Pontus Hanssen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0800",
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0800.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 9",
"tracking": {
"current_release_date": "2026-05-17T02:00:35+00:00",
"generator": {
"date": "2026-05-17T02:00:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:0800",
"initial_release_date": "2024-02-13T16:55:27+00:00",
"revision_history": [
{
"date": "2024-02-13T16:55:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T16:55:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-17T02:00:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"product": {
"name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"product": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el9sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el9sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el9sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src"
},
"product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"relates_to_product_reference": "9Base-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
"product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"relates_to_product_reference": "9Base-RHSSO-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "https://security.lauritz-holtmann.de/"
}
],
"cve": "CVE-2023-6134",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249673"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6134"
},
{
"category": "external",
"summary": "RHBZ#2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
}
],
"release_date": "2023-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
},
{
"cve": "CVE-2023-6291",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: redirect_uri validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6291"
},
{
"category": "external",
"summary": "RHBZ#2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: redirect_uri validation bypass"
},
{
"cve": "CVE-2023-6484",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248423"
}
],
"notes": [
{
"category": "description",
"text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Log Injection during WebAuthn authentication or registration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6484"
},
{
"category": "external",
"summary": "RHBZ#2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Log Injection during WebAuthn authentication or registration"
},
{
"acknowledgments": [
{
"names": [
"Pontus Hanssen"
],
"organization": "Pontus.Hanssen@omegapoint.se"
}
],
"cve": "CVE-2023-6927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-12-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2255027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6927"
},
{
"category": "external",
"summary": "RHBZ#2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-44483",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246070"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "santuario: Private Key disclosure in debug-log output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44483"
},
{
"category": "external",
"summary": "RHBZ#2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
}
],
"release_date": "2023-10-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch",
"9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src",
"9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "santuario: Private Key disclosure in debug-log output"
}
]
}
RHSA-2024:0801
Vulnerability from csaf_redhat - Published: 2024-02-13 16:54 - Updated: 2026-05-17 02:00Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement update
Severity
Important
Notes
Topic: A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
This erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform
3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
7.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
47 references
Acknowledgments
https://security.lauritz-holtmann.de/
Lauritz Holtmann
Pontus.Hanssen@omegapoint.se
Pontus Hanssen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0801",
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0801.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement update",
"tracking": {
"current_release_date": "2026-05-17T02:00:40+00:00",
"generator": {
"date": "2026-05-17T02:00:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:0801",
"initial_release_date": "2024-02-13T16:54:08+00:00",
"revision_history": [
{
"date": "2024-02-13T16:54:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T16:54:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-17T02:00:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Middleware Containers for OpenShift",
"product": {
"name": "Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"product": {
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"product_identification_helper": {
"purl": "pkg:oci/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"product": {
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
"product": {
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
"product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64"
},
"product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x"
},
"product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
},
"product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "https://security.lauritz-holtmann.de/"
}
],
"cve": "CVE-2023-6134",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249673"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6134"
},
{
"category": "external",
"summary": "RHBZ#2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
}
],
"release_date": "2023-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
},
{
"cve": "CVE-2023-6291",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: redirect_uri validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6291"
},
{
"category": "external",
"summary": "RHBZ#2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: redirect_uri validation bypass"
},
{
"cve": "CVE-2023-6484",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248423"
}
],
"notes": [
{
"category": "description",
"text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Log Injection during WebAuthn authentication or registration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6484"
},
{
"category": "external",
"summary": "RHBZ#2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Log Injection during WebAuthn authentication or registration"
},
{
"acknowledgments": [
{
"names": [
"Pontus Hanssen"
],
"organization": "Pontus.Hanssen@omegapoint.se"
}
],
"cve": "CVE-2023-6927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-12-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2255027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6927"
},
{
"category": "external",
"summary": "RHBZ#2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-44483",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246070"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "santuario: Private Key disclosure in debug-log output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44483"
},
{
"category": "external",
"summary": "RHBZ#2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
}
],
"release_date": "2023-10-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:54:08+00:00",
"details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
"product_ids": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0801"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x",
"8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "santuario: Private Key disclosure in debug-log output"
}
]
}
RHSA-2024:0804
Vulnerability from csaf_redhat - Published: 2024-02-13 17:07 - Updated: 2026-05-17 02:00Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
4.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
7.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
4.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
47 references
Acknowledgments
https://security.lauritz-holtmann.de/
Lauritz Holtmann
Pontus.Hanssen@omegapoint.se
Pontus Hanssen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0804",
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0804.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update",
"tracking": {
"current_release_date": "2026-05-17T02:00:33+00:00",
"generator": {
"date": "2026-05-17T02:00:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:0804",
"initial_release_date": "2024-02-13T17:07:54+00:00",
"revision_history": [
{
"date": "2024-02-13T17:07:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T17:07:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-17T02:00:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7",
"product": {
"name": "Red Hat Single Sign-On 7",
"product_id": "Red Hat Single Sign-On 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "https://security.lauritz-holtmann.de/"
}
],
"cve": "CVE-2023-6134",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249673"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6134"
},
{
"category": "external",
"summary": "RHBZ#2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
}
],
"release_date": "2023-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
},
{
"cve": "CVE-2023-6291",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: redirect_uri validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6291"
},
{
"category": "external",
"summary": "RHBZ#2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: redirect_uri validation bypass"
},
{
"cve": "CVE-2023-6484",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248423"
}
],
"notes": [
{
"category": "description",
"text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Log Injection during WebAuthn authentication or registration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6484"
},
{
"category": "external",
"summary": "RHBZ#2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Log Injection during WebAuthn authentication or registration"
},
{
"acknowledgments": [
{
"names": [
"Pontus Hanssen"
],
"organization": "Pontus.Hanssen@omegapoint.se"
}
],
"cve": "CVE-2023-6927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-12-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2255027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6927"
},
{
"category": "external",
"summary": "RHBZ#2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-44483",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246070"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "santuario: Private Key disclosure in debug-log output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44483"
},
{
"category": "external",
"summary": "RHBZ#2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
}
],
"release_date": "2023-10-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T17:07:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "santuario: Private Key disclosure in debug-log output"
}
]
}
RHSA-2024:1027
Vulnerability from csaf_redhat - Published: 2024-02-28 18:13 - Updated: 2026-06-04 00:58Summary
Red Hat Security Advisory: Migration Toolkit for Applications security update
Severity
Moderate
Notes
Topic: An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Migration Toolkit for Applications
Security Fix(es):
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* guava: insecure temporary directory creation (CVE-2023-2976)
* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".
8.2 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
6.1 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
58 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Applications \n\nSecurity Fix(es):\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1027",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2215214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2233112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112"
},
{
"category": "external",
"summary": "2256413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
},
{
"category": "external",
"summary": "MTA-87",
"url": "https://issues.redhat.com/browse/MTA-87"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1027.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Applications security update",
"tracking": {
"current_release_date": "2026-06-04T00:58:30+00:00",
"generator": {
"date": "2026-06-04T00:58:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:1027",
"initial_release_date": "2024-02-28T18:13:39+00:00",
"revision_history": [
{
"date": "2024-02-28T18:13:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-28T18:13:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T00:58:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MTA 6.2 for RHEL 8",
"product": {
"name": "MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9"
}
}
},
{
"category": "product_name",
"name": "MTA 6.2 for RHEL 8",
"product": {
"name": "MTA 6.2 for RHEL 8",
"product_id": "8Base-MTA-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Applications"
},
{
"branches": [
{
"category": "product_version",
"name": "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"product": {
"name": "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"product_id": "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel9\u0026tag=6.2.2-2"
}
}
},
{
"category": "product_version",
"name": "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"product": {
"name": "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"product_id": "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-operator-bundle\u0026tag=6.2.2-5"
}
}
},
{
"category": "product_version",
"name": "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"product": {
"name": "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"product_id": "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.2.2-3"
}
}
},
{
"category": "product_version",
"name": "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"product": {
"name": "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"product_id": "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9\u0026tag=6.2.2-2"
}
}
},
{
"category": "product_version",
"name": "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"product": {
"name": "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"product_id": "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel9\u0026tag=6.2.2-2"
}
}
},
{
"category": "product_version",
"name": "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64",
"product": {
"name": "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64",
"product_id": "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9\u0026tag=6.2.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64"
},
"product_reference": "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"relates_to_product_reference": "8Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64"
},
"product_reference": "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64"
},
"product_reference": "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64"
},
"product_reference": "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64"
},
"product_reference": "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 as a component of MTA 6.2 for RHEL 8",
"product_id": "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
},
"product_reference": "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64",
"relates_to_product_reference": "9Base-MTA-6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46751",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2023-08-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2233112"
}
],
"notes": [
{
"category": "description",
"text": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-ivy: XML External Entity vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46751"
},
{
"category": "external",
"summary": "RHBZ#2233112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8",
"url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8"
}
],
"release_date": "2023-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-ivy: XML External Entity vulnerability"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-26159",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256413"
}
],
"notes": [
{
"category": "description",
"text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26159"
},
{
"category": "external",
"summary": "RHBZ#2256413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
}
],
"release_date": "2024-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-35116",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215214"
}
],
"notes": [
{
"category": "description",
"text": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via cylic dependencies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35116"
},
{
"category": "external",
"summary": "RHBZ#2215214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-28T18:13:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "workaround",
"details": "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.",
"product_ids": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64",
"9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64",
"9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64",
"9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64",
"9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64",
"9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via cylic dependencies"
}
]
}
RHSA-2024:2707
Vulnerability from csaf_redhat - Published: 2024-05-06 14:10 - Updated: 2026-06-10 08:37Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel security update
Severity
Important
Notes
Topic: Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)
* tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
4.7 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or authentication.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A Server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache-camel-spring-boot:4.4.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)\n\n* tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\n* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2707",
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2215214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "2256063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
},
{
"category": "external",
"summary": "2259204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2707.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel security update",
"tracking": {
"current_release_date": "2026-06-10T08:37:05+00:00",
"generator": {
"date": "2026-06-10T08:37:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2024:2707",
"initial_release_date": "2024-05-06T14:10:14+00:00",
"revision_history": [
{
"date": "2024-05-06T14:10:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-06T14:10:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:37:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.4.0 for Spring Boot",
"product": {
"name": "Red Hat build of Apache Camel 4.4.0 for Spring Boot",
"product_id": "Red Hat build of Apache Camel 4.4.0 for Spring Boot",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache-camel-spring-boot:4.4.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-35116",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215214"
}
],
"notes": [
{
"category": "description",
"text": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via cylic dependencies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35116"
},
{
"category": "external",
"summary": "RHBZ#2215214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "workaround",
"details": "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via cylic dependencies"
},
{
"cve": "CVE-2023-51074",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2023-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256063"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-path: stack-based buffer overflow in Criteria.parse method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this at maximum of a Moderate impact. When interacting with a server to explore this possible vulnerability, the attacker would be the only one seeing a HTTP 500 error and no other user (or the server entirely) would be vulnerable in a real application scenario with multi-threads.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51074"
},
{
"category": "external",
"summary": "RHBZ#2256063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074"
},
{
"category": "external",
"summary": "https://github.com/json-path/JsonPath/issues/973",
"url": "https://github.com/json-path/JsonPath/issues/973"
}
],
"release_date": "2023-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-path: stack-based buffer overflow in Criteria.parse method"
},
{
"cve": "CVE-2024-21733",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2024-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259204"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Leaking of unrelated request bodies in default error page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux remains unaffected as the vulnerable version of Tomcat (e.g., versions 8.5.7 through 8.5.63 and 9.0.0 through 9.0.43) has not been shipped or included.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "RHBZ#2259204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz",
"url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/01/19/2",
"url": "https://www.openwall.com/lists/oss-security/2024/01/19/2"
}
],
"release_date": "2024-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Leaking of unrelated request bodies in default error page"
},
{
"cve": "CVE-2024-29736",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-07-19T09:20:09+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2298827"
}
],
"notes": [
{
"category": "description",
"text": "A Server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This SSRF vulnerability in Apache CXF\u0027s WADL service description is of significant severity because it allows an attacker to manipulate server-side requests, potentially leading to unauthorized access to internal resources. By exploiting this flaw, an attacker can craft malicious requests that bypass traditional security controls, enabling the server to communicate with internal systems, which may include databases, cloud services, or other sensitive infrastructure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29736"
},
{
"category": "external",
"summary": "RHBZ#2298827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29736"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-5m3j-pxh7-455p",
"url": "https://github.com/advisories/GHSA-5m3j-pxh7-455p"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2",
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
},
{
"category": "external",
"summary": "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p",
"url": "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p"
}
],
"release_date": "2024-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter"
},
{
"cve": "CVE-2024-32007",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2298828"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF\u0027s JAX-RS, and EAP uses RESTEasy, hence it\u0027s not-affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32007"
},
{
"category": "external",
"summary": "RHBZ#2298828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298828"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32007"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6pff-fmh2-4mmf",
"url": "https://github.com/advisories/GHSA-6pff-fmh2-4mmf"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633",
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
}
],
"release_date": "2024-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T14:10:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2707"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.4.0 for Spring Boot"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE"
}
]
}
RHSA-2024:3527
Vulnerability from csaf_redhat - Published: 2024-05-30 20:24 - Updated: 2026-06-02 15:13Summary
Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.7.0 serves as a replacement for Red Hat AMQ Streams 2.6.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)
* zstd: Race condition allows attacker to access world-readable destination file (CVE-2021-24032)
* RocksDB: zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact (CVE-2023-43642)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class (CVE-2023-33202)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)
* guava: insecure temporary directory creation (CVE-2023-2976)
* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)
* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)
* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.7.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
116 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.7.0 serves as a replacement for Red Hat AMQ Streams 2.6.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)\n* zstd: Race condition allows attacker to access world-readable destination file (CVE-2021-24032)\n* RocksDB: zstd: mysql: buffer overrun in util.c (CVE-2022-4899)\n* netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n* snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact (CVE-2023-43642)\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n* bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class (CVE-2023-33202)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3527",
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1928090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928090"
},
{
"category": "external",
"summary": "1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2179864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2241722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241722"
},
{
"category": "external",
"summary": "2251281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281"
},
{
"category": "external",
"summary": "2256063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
},
{
"category": "external",
"summary": "2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "2273281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
},
{
"category": "external",
"summary": "ENTMQST-5619",
"url": "https://issues.redhat.com/browse/ENTMQST-5619"
},
{
"category": "external",
"summary": "ENTMQST-5881",
"url": "https://issues.redhat.com/browse/ENTMQST-5881"
},
{
"category": "external",
"summary": "ENTMQST-5882",
"url": "https://issues.redhat.com/browse/ENTMQST-5882"
},
{
"category": "external",
"summary": "ENTMQST-5883",
"url": "https://issues.redhat.com/browse/ENTMQST-5883"
},
{
"category": "external",
"summary": "ENTMQST-5884",
"url": "https://issues.redhat.com/browse/ENTMQST-5884"
},
{
"category": "external",
"summary": "ENTMQST-5885",
"url": "https://issues.redhat.com/browse/ENTMQST-5885"
},
{
"category": "external",
"summary": "ENTMQST-5886",
"url": "https://issues.redhat.com/browse/ENTMQST-5886"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3527.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update",
"tracking": {
"current_release_date": "2026-06-02T15:13:38+00:00",
"generator": {
"date": "2026-06-02T15:13:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:3527",
"initial_release_date": "2024-05-30T20:24:46+00:00",
"revision_history": [
{
"date": "2024-05-30T20:24:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-25T17:26:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:13:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.7.0",
"product": {
"name": "Red Hat AMQ Streams 2.7.0",
"product_id": "Red Hat AMQ Streams 2.7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3520",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954559"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3520"
},
{
"category": "external",
"summary": "RHBZ#1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520"
}
],
"release_date": "2021-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument"
},
{
"cve": "CVE-2021-24032",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928090"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zstd: Race condition allows attacker to access world-readable destination file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.\n\nThis vulnerability can be considered low severity rather than moderate due to the fact that the elevated file permissions are only temporary and only exist during the compression or decompression process. Once the operation completes, the file permissions revert to their intended state, mirroring those of the input file. The risk is further minimized by the fact that the exposure window is brief, and the elevated permissions are not persistent. Additionally, the issue only arises during the processing of files, and only those with larger sizes or more involved operations would be at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-24032"
},
{
"category": "external",
"summary": "RHBZ#1928090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928090"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032"
}
],
"release_date": "2021-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "zstd: Race condition allows attacker to access world-readable destination file"
},
{
"cve": "CVE-2022-3171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2137645"
}
],
"notes": [
{
"category": "description",
"text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: timeout in parser leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3171"
},
{
"category": "external",
"summary": "RHBZ#2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
}
],
"release_date": "2022-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: timeout in parser leads to DoS"
},
{
"cve": "CVE-2022-4899",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179864"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zstd: mysql: buffer overrun in util.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in the zstd command-line utility is rated as Moderate Severity because it involves an Incorrect Calculation of Buffer Size (CWE-400) within the mallocAndJoin2Dir function in programs/util.c. A remote attacker can exploit this flaw by providing an input, specifically an empty string, which causes a function boundary error and results in a heap-based Out-of-Bounds Read on memory. This ultimately leads to a program crash, causing a Denial of Service condition that is limited to the specific zstd process or service instance, rather than affecting the entire host system\u0027s stability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4899"
},
{
"category": "external",
"summary": "RHBZ#2179864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899"
}
],
"release_date": "2022-07-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zstd: mysql: buffer overrun in util.c"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
{
"cve": "CVE-2023-33202",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251281"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33202"
},
{
"category": "external",
"summary": "RHBZ#2251281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202"
}
],
"release_date": "2023-11-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class"
},
{
"cve": "CVE-2023-43642",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43642"
},
{
"category": "external",
"summary": "RHBZ#2241722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
},
{
"category": "external",
"summary": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
"url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
}
],
"release_date": "2023-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact"
},
{
"cve": "CVE-2023-51074",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2023-12-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2256063"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-path: stack-based buffer overflow in Criteria.parse method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this at maximum of a Moderate impact. When interacting with a server to explore this possible vulnerability, the attacker would be the only one seeing a HTTP 500 error and no other user (or the server entirely) would be vulnerable in a real application scenario with multi-threads.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-51074"
},
{
"category": "external",
"summary": "RHBZ#2256063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074"
},
{
"category": "external",
"summary": "https://github.com/json-path/JsonPath/issues/973",
"url": "https://github.com/json-path/JsonPath/issues/973"
}
],
"release_date": "2023-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-path: stack-based buffer overflow in Criteria.parse method"
},
{
"cve": "CVE-2024-1023",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-01-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260840"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1023"
},
{
"category": "external",
"summary": "RHBZ#2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
"url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
}
],
"release_date": "2024-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
},
{
"cve": "CVE-2024-1300",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2024-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263139"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This affects only TLS servers with SNI enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1300"
},
{
"category": "external",
"summary": "RHBZ#2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
},
{
"category": "external",
"summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
}
],
"release_date": "2024-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
},
{
"cve": "CVE-2024-2700",
"cwe": {
"id": "CWE-526",
"name": "Cleartext Storage of Sensitive Information in an Environment Variable"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273281"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quarkus-core: Leak of local configuration properties into Quarkus applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2700"
},
{
"category": "external",
"summary": "RHBZ#2273281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2700"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "quarkus-core: Leak of local configuration properties into Quarkus applications"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264988"
}
],
"notes": [
{
"category": "description",
"text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25710"
},
{
"category": "external",
"summary": "RHBZ#2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
"url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.7.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-30T20:24:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.7.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
}
]
}
RHSA-2024_0777
Vulnerability from csaf_redhat - Published: 2024-02-12 10:27 - Updated: 2024-12-18 05:01Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)
* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts (CVE-2023-40336)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)
* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)
* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)
* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)
* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Important
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
4.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain administrator access to Jenkins.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders.
8.0 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
140 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)\n\n* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts (CVE-2023-40336)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\n* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)\n\n* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)\n\n* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)\n\n* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)\n\n* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0777",
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2066479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "2215214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2222709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709"
},
{
"category": "external",
"summary": "2222710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710"
},
{
"category": "external",
"summary": "2232422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422"
},
{
"category": "external",
"summary": "2232423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423"
},
{
"category": "external",
"summary": "2232424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232424"
},
{
"category": "external",
"summary": "2232425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425"
},
{
"category": "external",
"summary": "2232426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "JKNS-271",
"url": "https://issues.redhat.com/browse/JKNS-271"
},
{
"category": "external",
"summary": "JKNS-289",
"url": "https://issues.redhat.com/browse/JKNS-289"
},
{
"category": "external",
"summary": "JKNS-337",
"url": "https://issues.redhat.com/browse/JKNS-337"
},
{
"category": "external",
"summary": "JKNS-344",
"url": "https://issues.redhat.com/browse/JKNS-344"
},
{
"category": "external",
"summary": "JKNS-345",
"url": "https://issues.redhat.com/browse/JKNS-345"
},
{
"category": "external",
"summary": "OCPBUGS-11158",
"url": "https://issues.redhat.com/browse/OCPBUGS-11158"
},
{
"category": "external",
"summary": "OCPBUGS-11253",
"url": "https://issues.redhat.com/browse/OCPBUGS-11253"
},
{
"category": "external",
"summary": "OCPBUGS-11254",
"url": "https://issues.redhat.com/browse/OCPBUGS-11254"
},
{
"category": "external",
"summary": "OCPBUGS-11446",
"url": "https://issues.redhat.com/browse/OCPBUGS-11446"
},
{
"category": "external",
"summary": "OCPBUGS-1357",
"url": "https://issues.redhat.com/browse/OCPBUGS-1357"
},
{
"category": "external",
"summary": "OCPBUGS-13869",
"url": "https://issues.redhat.com/browse/OCPBUGS-13869"
},
{
"category": "external",
"summary": "OCPBUGS-14111",
"url": "https://issues.redhat.com/browse/OCPBUGS-14111"
},
{
"category": "external",
"summary": "OCPBUGS-14609",
"url": "https://issues.redhat.com/browse/OCPBUGS-14609"
},
{
"category": "external",
"summary": "OCPBUGS-15646",
"url": "https://issues.redhat.com/browse/OCPBUGS-15646"
},
{
"category": "external",
"summary": "OCPBUGS-15902",
"url": "https://issues.redhat.com/browse/OCPBUGS-15902"
},
{
"category": "external",
"summary": "OCPBUGS-1709",
"url": "https://issues.redhat.com/browse/OCPBUGS-1709"
},
{
"category": "external",
"summary": "OCPBUGS-1942",
"url": "https://issues.redhat.com/browse/OCPBUGS-1942"
},
{
"category": "external",
"summary": "OCPBUGS-2099",
"url": "https://issues.redhat.com/browse/OCPBUGS-2099"
},
{
"category": "external",
"summary": "OCPBUGS-2184",
"url": "https://issues.redhat.com/browse/OCPBUGS-2184"
},
{
"category": "external",
"summary": "OCPBUGS-2318",
"url": "https://issues.redhat.com/browse/OCPBUGS-2318"
},
{
"category": "external",
"summary": "OCPBUGS-23438",
"url": "https://issues.redhat.com/browse/OCPBUGS-23438"
},
{
"category": "external",
"summary": "OCPBUGS-27388",
"url": "https://issues.redhat.com/browse/OCPBUGS-27388"
},
{
"category": "external",
"summary": "OCPBUGS-655",
"url": "https://issues.redhat.com/browse/OCPBUGS-655"
},
{
"category": "external",
"summary": "OCPBUGS-6579",
"url": "https://issues.redhat.com/browse/OCPBUGS-6579"
},
{
"category": "external",
"summary": "OCPBUGS-6870",
"url": "https://issues.redhat.com/browse/OCPBUGS-6870"
},
{
"category": "external",
"summary": "OCPBUGS-710",
"url": "https://issues.redhat.com/browse/OCPBUGS-710"
},
{
"category": "external",
"summary": "OCPBUGS-8377",
"url": "https://issues.redhat.com/browse/OCPBUGS-8377"
},
{
"category": "external",
"summary": "OCPBUGS-8442",
"url": "https://issues.redhat.com/browse/OCPBUGS-8442"
},
{
"category": "external",
"summary": "OCPTOOLS-244",
"url": "https://issues.redhat.com/browse/OCPTOOLS-244"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0777.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2024-12-18T05:01:18+00:00",
"generator": {
"date": "2024-12-18T05:01:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0777",
"initial_release_date": "2024-02-12T10:27:23+00:00",
"revision_history": [
{
"date": "2024-02-12T10:27:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-12T10:27:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T05:01:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.426.3.1706516352-3.el8.src",
"product": {
"name": "jenkins-0:2.426.3.1706516352-3.el8.src",
"product_id": "jenkins-0:2.426.3.1706516352-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516352-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.426.3.1706516352-3.el8.noarch",
"product": {
"name": "jenkins-0:2.426.3.1706516352-3.el8.noarch",
"product_id": "jenkins-0:2.426.3.1706516352-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516352-3.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.426.3.1706516352-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch"
},
"product_reference": "jenkins-0:2.426.3.1706516352-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.426.3.1706516352-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
},
"product_reference": "jenkins-0:2.426.3.1706516352-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-29599",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066479"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven-shared-utils: Command injection via Commandline class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29599"
},
{
"category": "external",
"summary": "RHBZ#2066479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599"
}
],
"release_date": "2020-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "maven-shared-utils: Command injection via Commandline class"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-24422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24422"
},
{
"category": "external",
"summary": "RHBZ#2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016"
}
],
"release_date": "2023-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin"
},
{
"cve": "CVE-2023-25761",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170039"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25761"
},
{
"category": "external",
"summary": "RHBZ#2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin"
},
{
"cve": "CVE-2023-25762",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170041"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25762"
},
{
"category": "external",
"summary": "RHBZ#2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin"
},
{
"cve": "CVE-2023-35116",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215214"
}
],
"notes": [
{
"category": "description",
"text": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via cylic dependencies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35116"
},
{
"category": "external",
"summary": "RHBZ#2215214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "workaround",
"details": "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via cylic dependencies"
},
{
"cve": "CVE-2023-37946",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain administrator access to Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37946"
},
{
"category": "external",
"summary": "RHBZ#2222709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998",
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin"
},
{
"cve": "CVE-2023-37947",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37947"
},
{
"category": "external",
"summary": "RHBZ#2222710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999",
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-40336",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232424"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40336"
},
{
"category": "external",
"summary": "RHBZ#2232424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232424"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40336",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40336"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts"
},
{
"cve": "CVE-2023-40337",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232425"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40337"
},
{
"category": "external",
"summary": "RHBZ#2232425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40337",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin"
},
{
"cve": "CVE-2023-40338",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40338"
},
{
"category": "external",
"summary": "RHBZ#2232426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40338",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin"
},
{
"cve": "CVE-2023-40339",
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232423"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they\u0027re written to the build log.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40339"
},
{
"category": "external",
"summary": "RHBZ#2232423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40339",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40339"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin"
},
{
"cve": "CVE-2023-40341",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232422"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40341"
},
{
"category": "external",
"summary": "RHBZ#2232422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0777"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2024_0778
Vulnerability from csaf_redhat - Published: 2024-02-12 10:38 - Updated: 2024-12-17 22:32Summary
Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
* maven: Block repositories using http by default (CVE-2021-26291)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)
* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* guava: insecure temporary directory creation (CVE-2023-2976)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)
* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)
* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)
* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
7.4 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.
7.4 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Important
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Security. In affected versions of Spring Security, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout.
6.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.
4.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Low
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Low
A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src | — |
Threats
Impact
Important
References
180 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)\n\n* maven: Block repositories using http by default (CVE-2021-26291)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)\n\n* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)\n\n* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)\n\n* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)\n\n* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)\n\n* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0778",
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "2066479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2222710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710"
},
{
"category": "external",
"summary": "2227788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227788"
},
{
"category": "external",
"summary": "2232422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422"
},
{
"category": "external",
"summary": "2232423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423"
},
{
"category": "external",
"summary": "2232425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425"
},
{
"category": "external",
"summary": "2232426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2260180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180"
},
{
"category": "external",
"summary": "2260182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182"
},
{
"category": "external",
"summary": "JKNS-271",
"url": "https://issues.redhat.com/browse/JKNS-271"
},
{
"category": "external",
"summary": "JKNS-289",
"url": "https://issues.redhat.com/browse/JKNS-289"
},
{
"category": "external",
"summary": "OCPBUGS-10976",
"url": "https://issues.redhat.com/browse/OCPBUGS-10976"
},
{
"category": "external",
"summary": "OCPBUGS-11158",
"url": "https://issues.redhat.com/browse/OCPBUGS-11158"
},
{
"category": "external",
"summary": "OCPBUGS-11348",
"url": "https://issues.redhat.com/browse/OCPBUGS-11348"
},
{
"category": "external",
"summary": "OCPBUGS-1357",
"url": "https://issues.redhat.com/browse/OCPBUGS-1357"
},
{
"category": "external",
"summary": "OCPBUGS-13652",
"url": "https://issues.redhat.com/browse/OCPBUGS-13652"
},
{
"category": "external",
"summary": "OCPBUGS-13901",
"url": "https://issues.redhat.com/browse/OCPBUGS-13901"
},
{
"category": "external",
"summary": "OCPBUGS-14113",
"url": "https://issues.redhat.com/browse/OCPBUGS-14113"
},
{
"category": "external",
"summary": "OCPBUGS-14393",
"url": "https://issues.redhat.com/browse/OCPBUGS-14393"
},
{
"category": "external",
"summary": "OCPBUGS-14642",
"url": "https://issues.redhat.com/browse/OCPBUGS-14642"
},
{
"category": "external",
"summary": "OCPBUGS-15648",
"url": "https://issues.redhat.com/browse/OCPBUGS-15648"
},
{
"category": "external",
"summary": "OCPBUGS-1709",
"url": "https://issues.redhat.com/browse/OCPBUGS-1709"
},
{
"category": "external",
"summary": "OCPBUGS-1942",
"url": "https://issues.redhat.com/browse/OCPBUGS-1942"
},
{
"category": "external",
"summary": "OCPBUGS-2099",
"url": "https://issues.redhat.com/browse/OCPBUGS-2099"
},
{
"category": "external",
"summary": "OCPBUGS-2184",
"url": "https://issues.redhat.com/browse/OCPBUGS-2184"
},
{
"category": "external",
"summary": "OCPBUGS-2318",
"url": "https://issues.redhat.com/browse/OCPBUGS-2318"
},
{
"category": "external",
"summary": "OCPBUGS-27391",
"url": "https://issues.redhat.com/browse/OCPBUGS-27391"
},
{
"category": "external",
"summary": "OCPBUGS-3692",
"url": "https://issues.redhat.com/browse/OCPBUGS-3692"
},
{
"category": "external",
"summary": "OCPBUGS-4819",
"url": "https://issues.redhat.com/browse/OCPBUGS-4819"
},
{
"category": "external",
"summary": "OCPBUGS-4833",
"url": "https://issues.redhat.com/browse/OCPBUGS-4833"
},
{
"category": "external",
"summary": "OCPBUGS-655",
"url": "https://issues.redhat.com/browse/OCPBUGS-655"
},
{
"category": "external",
"summary": "OCPBUGS-6632",
"url": "https://issues.redhat.com/browse/OCPBUGS-6632"
},
{
"category": "external",
"summary": "OCPBUGS-6982",
"url": "https://issues.redhat.com/browse/OCPBUGS-6982"
},
{
"category": "external",
"summary": "OCPBUGS-7016",
"url": "https://issues.redhat.com/browse/OCPBUGS-7016"
},
{
"category": "external",
"summary": "OCPBUGS-7050",
"url": "https://issues.redhat.com/browse/OCPBUGS-7050"
},
{
"category": "external",
"summary": "OCPBUGS-710",
"url": "https://issues.redhat.com/browse/OCPBUGS-710"
},
{
"category": "external",
"summary": "OCPBUGS-8420",
"url": "https://issues.redhat.com/browse/OCPBUGS-8420"
},
{
"category": "external",
"summary": "OCPBUGS-8497",
"url": "https://issues.redhat.com/browse/OCPBUGS-8497"
},
{
"category": "external",
"summary": "OCPTOOLS-246",
"url": "https://issues.redhat.com/browse/OCPTOOLS-246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0778.json"
}
],
"title": "Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2024-12-17T22:32:55+00:00",
"generator": {
"date": "2024-12-17T22:32:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0778",
"initial_release_date": "2024-02-12T10:38:58+00:00",
"revision_history": [
{
"date": "2024-02-12T10:38:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-12T10:38:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:32:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.426.3.1706515686-3.el8.src",
"product": {
"name": "jenkins-0:2.426.3.1706515686-3.el8.src",
"product_id": "jenkins-0:2.426.3.1706515686-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.426.3.1706515686-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.426.3.1706515686-3.el8.noarch",
"product": {
"name": "jenkins-0:2.426.3.1706515686-3.el8.noarch",
"product_id": "jenkins-0:2.426.3.1706515686-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.426.3.1706515686-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.426.3.1706515686-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch"
},
"product_reference": "jenkins-0:2.426.3.1706515686-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.426.3.1706515686-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
},
"product_reference": "jenkins-0:2.426.3.1706515686-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7692",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-07-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856376"
}
],
"notes": [
{
"category": "description",
"text": "PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7692"
},
{
"category": "external",
"summary": "RHBZ#1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692"
}
],
"release_date": "2020-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization"
},
{
"cve": "CVE-2021-26291",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955739"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven: Block repositories using http by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-26291"
},
{
"category": "external",
"summary": "RHBZ#1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291"
},
{
"category": "external",
"summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291",
"url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291"
}
],
"release_date": "2021-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "workaround",
"details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "maven: Block repositories using http by default"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-29599",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066479"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven-shared-utils: Command injection via Commandline class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29599"
},
{
"category": "external",
"summary": "RHBZ#2066479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599"
}
],
"release_date": "2020-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "maven-shared-utils: Command injection via Commandline class"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20862",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-07-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2227788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security. In affected versions of Spring Security, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20862"
},
{
"category": "external",
"summary": "RHBZ#2227788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20862"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2023-20862",
"url": "https://spring.io/security/cve-2023-20862"
}
],
"release_date": "2023-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout"
},
{
"cve": "CVE-2023-24422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24422"
},
{
"category": "external",
"summary": "RHBZ#2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016"
}
],
"release_date": "2023-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin"
},
{
"cve": "CVE-2023-25761",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170039"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25761"
},
{
"category": "external",
"summary": "RHBZ#2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin"
},
{
"cve": "CVE-2023-25762",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170041"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25762"
},
{
"category": "external",
"summary": "RHBZ#2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-27903",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177632"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary file parameter created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27903"
},
{
"category": "external",
"summary": "RHBZ#2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Temporary file parameter created with insecure permissions"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
},
{
"cve": "CVE-2023-37947",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37947"
},
{
"category": "external",
"summary": "RHBZ#2222710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999",
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
},
{
"cve": "CVE-2023-40337",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232425"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40337"
},
{
"category": "external",
"summary": "RHBZ#2232425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40337",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin"
},
{
"cve": "CVE-2023-40338",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40338"
},
{
"category": "external",
"summary": "RHBZ#2232426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40338",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin"
},
{
"cve": "CVE-2023-40339",
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232423"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they\u0027re written to the build log.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40339"
},
{
"category": "external",
"summary": "RHBZ#2232423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40339",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40339"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin"
},
{
"cve": "CVE-2023-40341",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2023-08-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2232422"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40341"
},
{
"category": "external",
"summary": "RHBZ#2232422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116"
}
],
"release_date": "2023-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials"
},
{
"cve": "CVE-2024-23897",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2024-01-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the \"@\" character followed by a file path in an argument with the file\u2019s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23897"
},
{
"category": "external",
"summary": "RHBZ#2260180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23897"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314",
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "workaround",
"details": "Disabling access to the CLI is expected to prevent exploitation completely. Doing so is strongly recommended to administrators unable to immediately update to Jenkins 2.442, LTS 2.426.3 or LTS 2.440.1. Applying this workaround does not require a Jenkins restart.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-08-19T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE"
},
{
"cve": "CVE-2024-23898",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: cross-site WebSocket hijacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23898"
},
{
"category": "external",
"summary": "RHBZ#2260182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315",
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315"
}
],
"release_date": "2024-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-12T10:38:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: cross-site WebSocket hijacking"
}
]
}
RHSA-2024_0798
Vulnerability from csaf_redhat - Published: 2024-02-13 16:55 - Updated: 2024-12-17 04:51Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7
Severity
Important
Notes
Topic: New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
7.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
4.6 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
47 references
Acknowledgments
https://security.lauritz-holtmann.de/
Lauritz Holtmann
Pontus.Hanssen@omegapoint.se
Pontus Hanssen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0798",
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0798.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7",
"tracking": {
"current_release_date": "2024-12-17T04:51:49+00:00",
"generator": {
"date": "2024-12-17T04:51:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0798",
"initial_release_date": "2024-02-13T16:55:55+00:00",
"revision_history": [
{
"date": "2024-02-13T16:55:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-13T16:55:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T04:51:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product": {
"name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"product": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el7sso?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"product": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el7sso?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el7sso?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
},
"product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src"
},
"product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"relates_to_product_reference": "7Server-RHSSO-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "https://security.lauritz-holtmann.de/"
}
],
"cve": "CVE-2023-6134",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2249673"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6134"
},
{
"category": "external",
"summary": "RHBZ#2249673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134"
}
],
"release_date": "2023-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri"
},
{
"cve": "CVE-2023-6291",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: redirect_uri validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6291"
},
{
"category": "external",
"summary": "RHBZ#2251407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291"
}
],
"release_date": "2023-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: redirect_uri validation bypass"
},
{
"cve": "CVE-2023-6484",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248423"
}
],
"notes": [
{
"category": "description",
"text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Log Injection during WebAuthn authentication or registration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6484"
},
{
"category": "external",
"summary": "RHBZ#2248423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Log Injection during WebAuthn authentication or registration"
},
{
"acknowledgments": [
{
"names": [
"Pontus Hanssen"
],
"organization": "Pontus.Hanssen@omegapoint.se"
}
],
"cve": "CVE-2023-6927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-12-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2255027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6927"
},
{
"category": "external",
"summary": "RHBZ#2255027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-44483",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246070"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "santuario: Private Key disclosure in debug-log output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44483"
},
{
"category": "external",
"summary": "RHBZ#2246070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
}
],
"release_date": "2023-10-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T16:55:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0798"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch",
"7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src",
"7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "santuario: Private Key disclosure in debug-log output"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…