Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-23647
Vulnerability from cvelistv5
Published
2022-02-18 14:50
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/PrismJS/prism/pull/3341 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PrismJS/prism/pull/3341 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99 | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:44.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/PrismJS/prism/pull/3341" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "prism", "vendor": "PrismJS", "versions": [ { "status": "affected", "version": "\u003e= 1.14.0, \u003c 1.27.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-18T14:50:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/PrismJS/prism/pull/3341" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c" } ], "source": { "advisory": "GHSA-3949-f494-cm99", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in Prism", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23647", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in Prism" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "prism", "version": { "version_data": [ { "version_value": "\u003e= 1.14.0, \u003c 1.27.0" } ] } } ] }, "vendor_name": "PrismJS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99", "refsource": "CONFIRM", "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" }, { "name": "https://github.com/PrismJS/prism/pull/3341", "refsource": "MISC", "url": "https://github.com/PrismJS/prism/pull/3341" }, { "name": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c", "refsource": "MISC", "url": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c" } ] }, "source": { "advisory": "GHSA-3949-f494-cm99", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23647", "datePublished": "2022-02-18T14:50:10", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:44.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-23647\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-18T15:15:07.740\",\"lastModified\":\"2024-11-21T06:49:00.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.\"},{\"lang\":\"es\",\"value\":\"Prism es una biblioteca de resaltado de sintaxis. A partir de la versi\u00f3n 1.14.0 y versiones anteriores a 1.27.0, el plugin de l\u00ednea de comandos de Prism puede ser usado por atacantes para lograr un ataque de tipo cross-site scripting. El plugin de l\u00ednea de comandos no escapaba apropiadamente su salida, conllevando a que el texto de entrada fuera insertado en el DOM como c\u00f3digo HTML. El uso del lado del servidor de Prism no est\u00e1 afectado. Los sitios web que no usan el plugin de l\u00ednea de comandos tampoco est\u00e1n afectados. Este error ha sido corregido en la versi\u00f3n 1.27.0. Como medida de mitigaci\u00f3n, no use el complemento de l\u00ednea de comandos en entradas no confiables, o sanee todos los bloques de c\u00f3digo (elimine todo el texto de c\u00f3digo HTML) de todos los bloques de c\u00f3digo que usen el complemento de l\u00ednea de comandos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.27.0\",\"matchCriteriaId\":\"74CAF516-7C50-41A2-9A78-B60CF495B4BE\"}]}]}],\"references\":[{\"url\":\"https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/PrismJS/prism/pull/3341\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/PrismJS/prism/pull/3341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
wid-sec-w-2023-0554
Vulnerability from csaf_certbund
Published
2023-03-02 23:00
Modified
2023-03-02 23:00
Summary
IBM Maximo Asset Management: Schwachstelle ermöglicht Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- Applicance
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Applicance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0554 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0554.json" }, { "category": "self", "summary": "WID-SEC-2023-0554 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0554" }, { "category": "external", "summary": "IBM Security Bulletin: 6959695 vom 2023-03-02", "url": "https://www.ibm.com/support/pages/node/6959695" } ], "source_lang": "en-US", "title": "IBM Maximo Asset Management: Schwachstelle erm\u00f6glicht Cross-Site Scripting", "tracking": { "current_release_date": "2023-03-02T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:17:50.692+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0554", "initial_release_date": "2023-03-02T23:00:00.000+00:00", "revision_history": [ { "date": "2023-03-02T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Maximo Asset Management 7.6.1.2", "product": { "name": "IBM Maximo Asset Management 7.6.1.2", "product_id": "T026608", "product_identification_helper": { "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2" } } } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23647", "notes": [ { "category": "description", "text": "In IBM Maximo Asset Management existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T026608" ] }, "release_date": "2023-03-02T23:00:00Z", "title": "CVE-2022-23647" } ] }
WID-SEC-W-2023-0554
Vulnerability from csaf_certbund
Published
2023-03-02 23:00
Modified
2023-03-02 23:00
Summary
IBM Maximo Asset Management: Schwachstelle ermöglicht Cross-Site Scripting
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme
- Applicance
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Applicance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0554 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0554.json" }, { "category": "self", "summary": "WID-SEC-2023-0554 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0554" }, { "category": "external", "summary": "IBM Security Bulletin: 6959695 vom 2023-03-02", "url": "https://www.ibm.com/support/pages/node/6959695" } ], "source_lang": "en-US", "title": "IBM Maximo Asset Management: Schwachstelle erm\u00f6glicht Cross-Site Scripting", "tracking": { "current_release_date": "2023-03-02T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:17:50.692+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0554", "initial_release_date": "2023-03-02T23:00:00.000+00:00", "revision_history": [ { "date": "2023-03-02T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Maximo Asset Management 7.6.1.2", "product": { "name": "IBM Maximo Asset Management 7.6.1.2", "product_id": "T026608", "product_identification_helper": { "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2" } } } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23647", "notes": [ { "category": "description", "text": "In IBM Maximo Asset Management existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T026608" ] }, "release_date": "2023-03-02T23:00:00Z", "title": "CVE-2022-23647" } ] }
ghsa-3949-f494-cm99
Vulnerability from github
Published
2022-02-22 19:32
Modified
2022-02-22 19:32
Severity ?
Summary
Cross-site Scripting in Prism
Details
Impact
Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.
Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.
Patches
This bug has been fixed in v1.27.0.
Workarounds
Do not use the Command line plugin on untrusted inputs, or sanitized all code blocks (remove all HTML code text) from all code blocks that use the Command line plugin.
References
- https://github.com/PrismJS/prism/pull/3341
{ "affected": [ { "package": { "ecosystem": "npm", "name": "prismjs" }, "ranges": [ { "events": [ { "introduced": "1.14.0" }, { "fixed": "1.27.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-23647" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2022-02-22T19:32:18Z", "nvd_published_at": "2022-02-18T15:15:00Z", "severity": "HIGH" }, "details": "### Impact\nPrism\u0027s [Command line plugin](https://prismjs.com/plugins/command-line/) can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.\n\nServer-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.\n\n### Patches\nThis bug has been fixed in v1.27.0.\n\n### Workarounds\nDo not use the Command line plugin on untrusted inputs, or sanitized all code blocks (remove all HTML code text) from all code blocks that use the Command line plugin.\n\n### References\n- https://github.com/PrismJS/prism/pull/3341", "id": "GHSA-3949-f494-cm99", "modified": "2022-02-22T19:32:18Z", "published": "2022-02-22T19:32:18Z", "references": [ { "type": "WEB", "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23647" }, { "type": "WEB", "url": "https://github.com/PrismJS/prism/pull/3341" }, { "type": "WEB", "url": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c" }, { "type": "PACKAGE", "url": "https://github.com/PrismJS/prism" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "type": "CVSS_V3" } ], "summary": "Cross-site Scripting in Prism" }
rhsa-2022_8524
Vulnerability from csaf_redhat
Published
2022-11-17 13:40
Modified
2024-12-16 16:06
Summary
Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update
Notes
Topic
An update for Red Hat Data Grid 8 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3].
Security Fix(es):
* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid 8 is now available.\n \nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3].\n\nSecurity Fix(es):\n\n* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8524", "url": "https://access.redhat.com/errata/RHSA-2022:8524" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=8.4\u0026downloadType=patches", "url": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=8.4\u0026downloadType=patches" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.4/html-single/red_hat_data_grid_8.4_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.4/html-single/red_hat_data_grid_8.4_release_notes/index" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2056643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056643" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2129710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8524.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update", "tracking": { "current_release_date": "2024-12-16T16:06:18+00:00", "generator": { "date": "2024-12-16T16:06:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2022:8524", "initial_release_date": "2022-11-17T13:40:01+00:00", "revision_history": [ { "date": "2022-11-17T13:40:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-17T13:40:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-16T16:06:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 8.4.0", "product": { "name": "Red Hat Data Grid 8.4.0", "product_id": "Red Hat Data Grid 8.4.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:8" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-23647", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056643" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model (DOM) as HTML code, which can be exploited by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "prismjs: improperly escaped output allows a XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects Prism as shipped with all versions of Red Hat Ceph Storage, Red Hat Migration Toolkit for Virtualization, Red Hat OpenShift Container Platform, Red Hat OpenShift Service Mesh, Red Hat Advanced Cluster Security, and Red Hat Gluster Storage. However, this flaw is not known to be exploitable under any supported scenario, as websites that do not use the Command Line plugin are also not impacted. The above products do not use the Command Line plugin, thus, are marked not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23647" }, { "category": "external", "summary": "RHBZ#2056643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056643" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23647" }, { "category": "external", "summary": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99", "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" } ], "release_date": "2022-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prismjs: improperly escaped output allows a XSS" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "Red Hat Data Grid 8.4.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-38752", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129710" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38752" }, { "category": "external", "summary": "RHBZ#2129710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T13:40:01+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.4.0 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.4.0 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.4.0, refer to the 8.4.0 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8524" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode" } ] }
rhsa-2022_6835
Vulnerability from csaf_redhat
Published
2022-10-06 12:26
Modified
2024-12-18 00:37
Summary
Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]
Notes
Topic
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes.
Security Fix(es):
* cron-utils: template Injection leading to unauthenticated Remote Code Execution (CVE-2021-41269)
* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)
* snakeyaml: Denial of Service due missing to nested depth limitation for collections (CVE-2022-25857)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)
* quarkus-jdbc-postgresql-deployment: jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)
* graphql-java: DoS by malicious query (CVE-2022-37734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes.\n\nSecurity Fix(es):\n\n* cron-utils: template Injection leading to unauthenticated Remote Code Execution (CVE-2021-41269)\n\n* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)\n\n* snakeyaml: Denial of Service due missing to nested depth limitation for collections (CVE-2022-25857)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)\n\n* quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)\n\n* quarkus-jdbc-postgresql-deployment: jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\n* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)\n\n* graphql-java: DoS by malicious query (CVE-2022-37734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6835", "url": "https://access.redhat.com/errata/RHSA-2022:6835" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2024632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024632" }, { "category": "external", "summary": "2039903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "2053259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259" }, { "category": "external", "summary": "2056643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056643" }, { "category": "external", "summary": "2062520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520" }, { "category": "external", "summary": "2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "2067461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2126277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126277" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2126809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126809" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6835.json" } ], "title": "Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]", "tracking": { "current_release_date": "2024-12-18T00:37:04+00:00", "generator": { "date": "2024-12-18T00:37:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2022:6835", "initial_release_date": "2022-10-06T12:26:20+00:00", "revision_history": [ { "date": "2022-10-06T12:26:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-06T12:26:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T00:37:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHINT Service Registry 2.3.0 GA", "product": { "name": "RHINT Service Registry 2.3.0 GA", "product_id": "RHINT Service Registry 2.3.0 GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_registry:2.3" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-22569", "cwe": { "id": "CWE-696", "name": "Incorrect Behavior Order" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039903" } ], "notes": [ { "category": "description", "text": "A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "protobuf-java: potential DoS in the parsing procedure for binary data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22569" }, { "category": "external", "summary": "RHBZ#2039903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22569", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569" }, { "category": "external", "summary": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b", "url": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b" }, { "category": "external", "summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67", "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67" } ], "release_date": "2022-01-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "protobuf-java: potential DoS in the parsing procedure for binary data" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-41269", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2024632" } ], "notes": [ { "category": "description", "text": "A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection.", "title": "Vulnerability description" }, { "category": "summary", "text": "cron-utils: template Injection leading to unauthenticated Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Only projects using the @Cron annotation to validate untrusted Cron expressions are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-41269" }, { "category": "external", "summary": "RHBZ#2024632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41269", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41269" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41269", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41269" } ], "release_date": "2021-11-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cron-utils: template Injection leading to unauthenticated Remote Code Execution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-0536", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2022-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053259" } ], "notes": [ { "category": "description", "text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0536" }, { "category": "external", "summary": "RHBZ#2053259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536" } ], "release_date": "2022-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak" }, { "acknowledgments": [ { "names": [ "Sanne Grinovero" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-0981", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2022-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2062520" } ], "notes": [ { "category": "description", "text": "A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.", "title": "Vulnerability description" }, { "category": "summary", "text": "quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0981" }, { "category": "external", "summary": "RHBZ#2062520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0981", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0981" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0981" }, { "category": "external", "summary": "https://github.com/quarkusio/quarkus/issues/23269", "url": "https://github.com/quarkusio/quarkus/issues/23269" } ], "release_date": "2022-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus" }, { "cve": "CVE-2022-21724", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050863" } ], "notes": [ { "category": "description", "text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", "title": "Vulnerability summary" }, { "category": "other", "text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21724" }, { "category": "external", "summary": "RHBZ#2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", "url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes" }, { "cve": "CVE-2022-23647", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056643" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model (DOM) as HTML code, which can be exploited by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "prismjs: improperly escaped output allows a XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects Prism as shipped with all versions of Red Hat Ceph Storage, Red Hat Migration Toolkit for Virtualization, Red Hat OpenShift Container Platform, Red Hat OpenShift Service Mesh, Red Hat Advanced Cluster Security, and Red Hat Gluster Storage. However, this flaw is not known to be exploitable under any supported scenario, as websites that do not use the Command Line plugin are also not impacted. The above products do not use the Command Line plugin, thus, are marked not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23647" }, { "category": "external", "summary": "RHBZ#2056643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056643" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23647" }, { "category": "external", "summary": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99", "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" } ], "release_date": "2022-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prismjs: improperly escaped output allows a XSS" }, { "cve": "CVE-2022-24771", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067387" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestAlgorithm structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24771" }, { "category": "external", "summary": "RHBZ#2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery" }, { "cve": "CVE-2022-24772", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067458" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestInfo ASN.1 structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24772" }, { "category": "external", "summary": "RHBZ#2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery" }, { "cve": "CVE-2022-24773", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067461" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification leniency in checking `DigestInfo` structure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24773" }, { "category": "external", "summary": "RHBZ#2067461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-forge: Signature verification leniency in checking `DigestInfo` structure" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-25858", "discovery_date": "2022-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126277" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "terser: insecure use of regular expressions leads to ReDoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Do (odo) product terser is shipped only for using in static page generators for upstream, thus this represents no security risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25858" }, { "category": "external", "summary": "RHBZ#2126277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25858", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25858" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858" } ], "release_date": "2022-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "terser: insecure use of regular expressions leads to ReDoS" }, { "cve": "CVE-2022-26520", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2022-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064007" } ], "notes": [ { "category": "description", "text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql-jdbc: Arbitrary File Write Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26520" }, { "category": "external", "summary": "RHBZ#2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql-jdbc: Arbitrary File Write Vulnerability" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37734", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126809" } ], "notes": [ { "category": "description", "text": "A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation.", "title": "Vulnerability description" }, { "category": "summary", "text": "graphql-java: DoS by malicious query", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Service Registry 2.3.0 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37734" }, { "category": "external", "summary": "RHBZ#2126809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126809" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37734", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37734" } ], "release_date": "2022-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-06T12:26:20+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHINT Service Registry 2.3.0 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6835" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Service Registry 2.3.0 GA" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "graphql-java: DoS by malicious query" } ] }
gsd-2022-23647
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-23647", "description": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.", "id": "GSD-2022-23647", "references": [ "https://access.redhat.com/errata/RHSA-2022:6835", "https://access.redhat.com/errata/RHSA-2022:8524" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-23647" ], "details": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.", "id": "GSD-2022-23647", "modified": "2023-12-13T01:19:35.044122Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23647", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in Prism" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "prism", "version": { "version_data": [ { "version_value": "\u003e= 1.14.0, \u003c 1.27.0" } ] } } ] }, "vendor_name": "PrismJS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99", "refsource": "CONFIRM", "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" }, { "name": "https://github.com/PrismJS/prism/pull/3341", "refsource": "MISC", "url": "https://github.com/PrismJS/prism/pull/3341" }, { "name": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c", "refsource": "MISC", "url": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c" } ] }, "source": { "advisory": "GHSA-3949-f494-cm99", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=1.14.0 \u003c1.27.0", "affected_versions": "All versions starting from 1.14.0 before 1.27.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2022-02-28", "description": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin does not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.", "fixed_versions": [ "1.27.0" ], "identifier": "CVE-2022-23647", "identifiers": [ "CVE-2022-23647", "GHSA-3949-f494-cm99" ], "not_impacted": "All versions before 1.14.0, all versions starting from 1.27.0", "package_slug": "npm/prismjs", "pubdate": "2022-02-18", "solution": "Upgrade to version 1.27.0 or above.", "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "urls": [ "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99", "https://nvd.nist.gov/vuln/detail/CVE-2022-23647", "https://github.com/PrismJS/prism/pull/3341", "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c", "https://github.com/advisories/GHSA-3949-f494-cm99" ], "uuid": "111ef4c8-33f7-4778-a4a7-98e0df7a4938" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.27.0", "versionStartIncluding": "1.14.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23647" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism\u0027s command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99" }, { "name": "https://github.com/PrismJS/prism/pull/3341", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/PrismJS/prism/pull/3341" }, { "name": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } }, "lastModifiedDate": "2022-02-28T19:19Z", "publishedDate": "2022-02-18T15:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.