Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-3782
Vulnerability from cvelistv5
Published
2023-01-11 16:58
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-3782 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-3782 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| redhat.com | Keycloak |
Version: 20.0.2 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:57.802Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Keycloak", vendor: "redhat.com", versions: [ { lessThan: "20.0.2", status: "affected", version: "20.0.2", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-13T04:22:02.451274Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3782", datePublished: "2023-01-11T16:58:10.434Z", dateReserved: "2022-10-31T20:17:27.732Z", dateUpdated: "2024-08-03T01:20:57.802Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:keycloak:20.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703CD4CB-29AA-4354-B210-AD78774525E1\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.\"}, {\"lang\": \"es\", \"value\": \"Keycloack: Path Traversal mediante codificaci\\u00f3n de URL doble. Se encontr\\u00f3 una falla en Keycloak, donde no valida correctamente las URL incluidas en una redirecci\\u00f3n. Un atacante puede utilizar esta falla para crear una solicitud maliciosa para eludir la validaci\\u00f3n y acceder a otras URL e informaci\\u00f3n potencialmente confidencial dentro del dominio o posiblemente realizar m\\u00e1s ataques. Esta falla afecta a cualquier cliente que utilice un comod\\u00edn en el campo URI de redireccionamiento v\\u00e1lido.\"}]", id: "CVE-2022-3782", lastModified: "2024-11-21T07:20:13.763", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}", published: "2023-01-13T06:15:11.187", references: "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2022-3782\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-3782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-3782\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-01-13T06:15:11.187\",\"lastModified\":\"2024-11-21T07:20:13.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.\"},{\"lang\":\"es\",\"value\":\"Keycloack: Path Traversal mediante codificación de URL doble. Se encontró una falla en Keycloak, donde no valida correctamente las URL incluidas en una redirección. Un atacante puede utilizar esta falla para crear una solicitud maliciosa para eludir la validación y acceder a otras URL e información potencialmente confidencial dentro del dominio o posiblemente realizar más ataques. Esta falla afecta a cualquier cliente que utilice un comodín en el campo URI de redireccionamiento válido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:20.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703CD4CB-29AA-4354-B210-AD78774525E1\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-3782\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-3782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
RHSA-2023:1661
Vulnerability from csaf_redhat
Published
2023-04-05 13:34
Modified
2025-03-16 06:47
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update
Notes
Topic
Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* WildFly: possible information disclosure (CVE-2022-1278)
* jetty-http: improver hostname input handling (CVE-2022-2047)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)\n\n* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)\n\n* WildFly: possible information disclosure (CVE-2022-1278)\n\n* jetty-http: improver hostname input handling (CVE-2022-2047)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1661", url: "https://access.redhat.com/errata/RHSA-2023:1661", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", }, { category: "external", summary: "2073401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073401", }, { category: "external", summary: "2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "2116949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116949", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1661.json", }, ], title: "Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update", tracking: { current_release_date: "2025-03-16T06:47:16+00:00", generator: { date: "2025-03-16T06:47:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1661", initial_release_date: "2023-04-05T13:34:59+00:00", revision_history: [ { date: "2023-04-05T13:34:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-04-05T13:34:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:47:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMQ Broker 7.11.0", product: { name: "AMQ Broker 7.11.0", product_id: "AMQ Broker 7.11.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_broker:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1278", cwe: { id: "CWE-1188", name: "Initialization of a Resource with an Insecure Default", }, discovery_date: "2022-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073401", }, ], notes: [ { category: "description", text: "A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain.", title: "Vulnerability description", }, { category: "summary", text: "WildFly: possible information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1278", }, { category: "external", summary: "RHBZ#2073401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073401", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1278", url: "https://www.cve.org/CVERecord?id=CVE-2022-1278", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1278", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1278", }, ], release_date: "2022-04-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "WildFly: possible information disclosure", }, { cve: "CVE-2022-2047", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-08-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2116949", }, ], notes: [ { category: "description", text: "A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.", title: "Vulnerability description", }, { category: "summary", text: "jetty-http: improver hostname input handling", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat Satellite jetty was used to build index files to search documentation. Nowadays in Satellite 6.9 and 6.10 jetty dependency is not in use and there is no access to it, so there is no way this vulnerability can be exploitable. Therefore Satellite supported versions are not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2047", }, { category: "external", summary: "RHBZ#2116949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116949", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2047", url: "https://www.cve.org/CVERecord?id=CVE-2022-2047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2047", }, { category: "external", summary: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, ], release_date: "2022-07-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jetty-http: improver hostname input handling", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-22970", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087272", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS via data binding to multipartFile or servlet part", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22970", }, { category: "external", summary: "RHBZ#2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22970", url: "https://www.cve.org/CVERecord?id=CVE-2022-22970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22970", url: "https://tanzu.vmware.com/security/cve-2022-22970", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS via data binding to multipartFile or servlet part", }, { cve: "CVE-2022-22971", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087274", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS with STOMP over WebSocket", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22971", }, { category: "external", summary: "RHBZ#2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22971", url: "https://www.cve.org/CVERecord?id=CVE-2022-22971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22971", url: "https://tanzu.vmware.com/security/cve-2022-22971", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS with STOMP over WebSocket", }, ], }
rhsa-2023_2041
Vulnerability from csaf_redhat
Published
2023-04-27 00:48
Modified
2024-12-17 22:57
Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Notes
Topic
Migration Toolkit for Applications 6.1.0 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Applications 6.1.0 Images
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Applications 6.1.0 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Applications 6.1.0 Images\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2041", url: "https://access.redhat.com/errata/RHSA-2023:2041", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "MTA-118", url: "https://issues.redhat.com/browse/MTA-118", }, { category: "external", summary: "MTA-123", url: "https://issues.redhat.com/browse/MTA-123", }, { category: "external", summary: "MTA-129", url: "https://issues.redhat.com/browse/MTA-129", }, { category: "external", summary: "MTA-160", url: "https://issues.redhat.com/browse/MTA-160", }, { category: "external", summary: "MTA-204", url: "https://issues.redhat.com/browse/MTA-204", }, { category: "external", summary: "MTA-256", url: "https://issues.redhat.com/browse/MTA-256", }, { category: "external", summary: "MTA-260", url: "https://issues.redhat.com/browse/MTA-260", }, { category: "external", summary: "MTA-261", url: "https://issues.redhat.com/browse/MTA-261", }, { category: "external", summary: "MTA-263", url: "https://issues.redhat.com/browse/MTA-263", }, { category: "external", summary: "MTA-267", url: "https://issues.redhat.com/browse/MTA-267", }, { category: "external", summary: "MTA-268", url: "https://issues.redhat.com/browse/MTA-268", }, { category: "external", summary: "MTA-279", url: "https://issues.redhat.com/browse/MTA-279", }, { category: "external", summary: "MTA-28", url: "https://issues.redhat.com/browse/MTA-28", }, { category: "external", summary: "MTA-282", url: "https://issues.redhat.com/browse/MTA-282", }, { category: "external", summary: "MTA-283", url: "https://issues.redhat.com/browse/MTA-283", }, { category: "external", summary: "MTA-284", url: "https://issues.redhat.com/browse/MTA-284", }, { category: "external", summary: "MTA-29", url: "https://issues.redhat.com/browse/MTA-29", }, { category: "external", summary: "MTA-297", url: "https://issues.redhat.com/browse/MTA-297", }, { category: "external", summary: "MTA-298", url: "https://issues.redhat.com/browse/MTA-298", }, { category: "external", summary: "MTA-299", url: "https://issues.redhat.com/browse/MTA-299", }, { category: "external", summary: "MTA-300", url: "https://issues.redhat.com/browse/MTA-300", }, { category: "external", summary: "MTA-303", url: "https://issues.redhat.com/browse/MTA-303", }, { category: "external", summary: "MTA-304", url: "https://issues.redhat.com/browse/MTA-304", }, { category: "external", summary: "MTA-306", url: "https://issues.redhat.com/browse/MTA-306", }, { category: "external", summary: "MTA-311", url: "https://issues.redhat.com/browse/MTA-311", }, { category: "external", summary: "MTA-314", url: "https://issues.redhat.com/browse/MTA-314", }, { category: "external", summary: "MTA-330", url: "https://issues.redhat.com/browse/MTA-330", }, { category: "external", summary: "MTA-332", url: "https://issues.redhat.com/browse/MTA-332", }, { category: "external", summary: "MTA-34", url: "https://issues.redhat.com/browse/MTA-34", }, { category: "external", summary: "MTA-345", url: "https://issues.redhat.com/browse/MTA-345", }, { category: "external", summary: "MTA-35", url: "https://issues.redhat.com/browse/MTA-35", }, { category: "external", summary: "MTA-350", url: "https://issues.redhat.com/browse/MTA-350", }, { category: "external", summary: "MTA-351", url: "https://issues.redhat.com/browse/MTA-351", }, { category: "external", summary: "MTA-356", url: "https://issues.redhat.com/browse/MTA-356", }, { category: "external", summary: "MTA-363", url: "https://issues.redhat.com/browse/MTA-363", }, { category: "external", summary: "MTA-364", url: "https://issues.redhat.com/browse/MTA-364", }, { category: "external", summary: "MTA-366", url: "https://issues.redhat.com/browse/MTA-366", }, { category: "external", summary: "MTA-367", url: "https://issues.redhat.com/browse/MTA-367", }, { category: "external", summary: "MTA-369", url: "https://issues.redhat.com/browse/MTA-369", }, { category: "external", summary: "MTA-375", url: "https://issues.redhat.com/browse/MTA-375", }, { category: "external", summary: "MTA-377", url: "https://issues.redhat.com/browse/MTA-377", }, { category: "external", summary: "MTA-378", url: "https://issues.redhat.com/browse/MTA-378", }, { category: "external", summary: "MTA-38", url: "https://issues.redhat.com/browse/MTA-38", }, { category: "external", summary: "MTA-381", url: "https://issues.redhat.com/browse/MTA-381", }, { category: "external", summary: "MTA-382", url: "https://issues.redhat.com/browse/MTA-382", }, { category: "external", summary: "MTA-388", url: "https://issues.redhat.com/browse/MTA-388", }, { category: "external", summary: "MTA-389", url: "https://issues.redhat.com/browse/MTA-389", }, { category: "external", summary: "MTA-391", url: "https://issues.redhat.com/browse/MTA-391", }, { category: "external", summary: "MTA-392", url: "https://issues.redhat.com/browse/MTA-392", }, { category: "external", summary: "MTA-41", url: "https://issues.redhat.com/browse/MTA-41", }, { category: "external", summary: "MTA-412", url: "https://issues.redhat.com/browse/MTA-412", }, { category: "external", summary: "MTA-428", url: "https://issues.redhat.com/browse/MTA-428", }, { category: "external", summary: "MTA-430", url: "https://issues.redhat.com/browse/MTA-430", }, { category: "external", summary: "MTA-438", url: "https://issues.redhat.com/browse/MTA-438", }, { category: "external", summary: "MTA-439", url: "https://issues.redhat.com/browse/MTA-439", }, { category: "external", summary: "MTA-443", url: "https://issues.redhat.com/browse/MTA-443", }, { category: "external", summary: "MTA-50", url: "https://issues.redhat.com/browse/MTA-50", }, { category: "external", summary: "MTA-51", url: "https://issues.redhat.com/browse/MTA-51", }, { category: "external", summary: "MTA-52", url: "https://issues.redhat.com/browse/MTA-52", }, { category: "external", summary: "MTA-55", url: "https://issues.redhat.com/browse/MTA-55", }, { category: "external", summary: "MTA-78", url: "https://issues.redhat.com/browse/MTA-78", }, { category: "external", summary: "MTA-99", url: "https://issues.redhat.com/browse/MTA-99", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2041.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update", tracking: { current_release_date: "2024-12-17T22:57:12+00:00", generator: { date: "2024-12-17T22:57:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:2041", initial_release_date: "2023-04-27T00:48:48+00:00", revision_history: [ { date: "2023-04-27T00:48:48+00:00", number: "1", summary: "Initial version", }, { date: "2023-04-27T00:48:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T22:57:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "MTA 6.1 for RHEL 8", product: { name: "MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.1::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Applications", }, { branches: [ { category: "product_version", name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product: { name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product_id: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product_identification_helper: { purl: "pkg:oci/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166?arch=amd64&repository_url=registry.redhat.io/mta/mta-hub-rhel8&tag=6.1.0-10", }, }, }, { category: "product_version", name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product: { name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product_id: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product_identification_helper: { purl: "pkg:oci/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35?arch=amd64&repository_url=registry.redhat.io/mta/mta-operator-bundle&tag=6.1.0-16", }, }, }, { category: "product_version", name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product: { name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product_id: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product_identification_helper: { purl: "pkg:oci/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09?arch=amd64&repository_url=registry.redhat.io/mta/mta-rhel8-operator&tag=6.1.0-11", }, }, }, { category: "product_version", name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product: { name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product_id: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product_identification_helper: { purl: "pkg:oci/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46?arch=amd64&repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8&tag=6.1.0-7", }, }, }, { category: "product_version", name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product: { name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product_id: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product_identification_helper: { purl: "pkg:oci/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685?arch=amd64&repository_url=registry.redhat.io/mta/mta-ui-rhel8&tag=6.1.0-13", }, }, }, { category: "product_version", name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product: { name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product_id: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product_identification_helper: { purl: "pkg:oci/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0?arch=amd64&repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8&tag=6.1.0-11", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", }, product_reference: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", }, product_reference: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", }, product_reference: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", }, product_reference: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", }, product_reference: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", }, product_reference: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-31690", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2023-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162200", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31690", }, { category: "external", summary: "RHBZ#2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31690", url: "https://www.cve.org/CVERecord?id=CVE-2022-31690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", }, { category: "external", summary: "https://spring.io/security/cve-2022-31690", url: "https://spring.io/security/cve-2022-31690", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
RHSA-2023:2135
Vulnerability from csaf_redhat
Published
2023-05-04 15:59
Modified
2025-03-14 23:59
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2135", url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2135.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update", tracking: { current_release_date: "2025-03-14T23:59:20+00:00", generator: { date: "2025-03-14T23:59:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:2135", initial_release_date: "2023-05-04T15:59:31+00:00", revision_history: [ { date: "2023-05-04T15:59:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-04T15:59:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T23:59:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.1 async", product: { name: "RHPAM 7.13.1 async", product_id: "RHPAM 7.13.1 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-4244", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149841", }, ], notes: [ { category: "description", text: "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.", title: "Vulnerability description", }, { category: "summary", text: "codehaus-plexus: Directory Traversal", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Single Sign-On uses this package for testing purposes and is not delivered with the distribution. Hence not affected status.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4244", }, { category: "external", summary: "RHBZ#2149841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149841", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4244", url: "https://www.cve.org/CVERecord?id=CVE-2022-4244", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4244", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4244", }, ], release_date: "2022-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codehaus-plexus: Directory Traversal", }, { cve: "CVE-2022-4245", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149843", }, ], notes: [ { category: "description", text: "A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.", title: "Vulnerability description", }, { category: "summary", text: "codehaus-plexus: XML External Entity (XXE) Injection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4245", }, { category: "external", summary: "RHBZ#2149843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149843", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4245", url: "https://www.cve.org/CVERecord?id=CVE-2022-4245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4245", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4245", }, ], release_date: "2022-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codehaus-plexus: XML External Entity (XXE) Injection", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-42889", cwe: { id: "CWE-1188", name: "Initialization of a Resource with an Insecure Default", }, discovery_date: "2022-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135435", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-text: variable interpolation RCE", title: "Vulnerability summary", }, { category: "other", text: "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42889", }, { category: "external", summary: "RHBZ#2135435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42889", url: "https://www.cve.org/CVERecord?id=CVE-2022-42889", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", }, { category: "external", summary: "https://blogs.apache.org/security/entry/cve-2022-42889", url: "https://blogs.apache.org/security/entry/cve-2022-42889", }, { category: "external", summary: "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", url: "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", }, { category: "external", summary: "https://seclists.org/oss-sec/2022/q4/22", url: "https://seclists.org/oss-sec/2022/q4/22", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { category: "workaround", details: "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", product_ids: [ "RHPAM 7.13.1 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-text: variable interpolation RCE", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1108", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2023-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174246", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: Infinite loop in SslConduit during close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1108", }, { category: "external", summary: "RHBZ#2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1108", url: "https://www.cve.org/CVERecord?id=CVE-2023-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", }, { category: "external", summary: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", url: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Undertow: Infinite loop in SslConduit during close", }, ], }
rhsa-2023_1661
Vulnerability from csaf_redhat
Published
2023-04-05 13:34
Modified
2024-11-22 21:10
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update
Notes
Topic
Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* WildFly: possible information disclosure (CVE-2022-1278)
* jetty-http: improver hostname input handling (CVE-2022-2047)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)\n\n* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)\n\n* WildFly: possible information disclosure (CVE-2022-1278)\n\n* jetty-http: improver hostname input handling (CVE-2022-2047)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1661", url: "https://access.redhat.com/errata/RHSA-2023:1661", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", }, { category: "external", summary: "2073401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073401", }, { category: "external", summary: "2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "2116949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116949", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1661.json", }, ], title: "Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update", tracking: { current_release_date: "2024-11-22T21:10:48+00:00", generator: { date: "2024-11-22T21:10:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:1661", initial_release_date: "2023-04-05T13:34:59+00:00", revision_history: [ { date: "2023-04-05T13:34:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-04-05T13:34:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:10:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMQ Broker 7.11.0", product: { name: "AMQ Broker 7.11.0", product_id: "AMQ Broker 7.11.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_broker:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1278", cwe: { id: "CWE-1188", name: "Initialization of a Resource with an Insecure Default", }, discovery_date: "2022-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073401", }, ], notes: [ { category: "description", text: "A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain.", title: "Vulnerability description", }, { category: "summary", text: "WildFly: possible information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1278", }, { category: "external", summary: "RHBZ#2073401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073401", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1278", url: "https://www.cve.org/CVERecord?id=CVE-2022-1278", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1278", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1278", }, ], release_date: "2022-04-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "WildFly: possible information disclosure", }, { cve: "CVE-2022-2047", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-08-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2116949", }, ], notes: [ { category: "description", text: "A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.", title: "Vulnerability description", }, { category: "summary", text: "jetty-http: improver hostname input handling", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat Satellite jetty was used to build index files to search documentation. Nowadays in Satellite 6.9 and 6.10 jetty dependency is not in use and there is no access to it, so there is no way this vulnerability can be exploitable. Therefore Satellite supported versions are not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2047", }, { category: "external", summary: "RHBZ#2116949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116949", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2047", url: "https://www.cve.org/CVERecord?id=CVE-2022-2047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2047", }, { category: "external", summary: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, ], release_date: "2022-07-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jetty-http: improver hostname input handling", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-22970", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087272", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS via data binding to multipartFile or servlet part", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22970", }, { category: "external", summary: "RHBZ#2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22970", url: "https://www.cve.org/CVERecord?id=CVE-2022-22970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22970", url: "https://tanzu.vmware.com/security/cve-2022-22970", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS via data binding to multipartFile or servlet part", }, { cve: "CVE-2022-22971", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087274", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS with STOMP over WebSocket", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22971", }, { category: "external", summary: "RHBZ#2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22971", url: "https://www.cve.org/CVERecord?id=CVE-2022-22971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22971", url: "https://tanzu.vmware.com/security/cve-2022-22971", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS with STOMP over WebSocket", }, ], }
rhsa-2023:1285
Vulnerability from csaf_redhat
Published
2023-03-16 07:57
Modified
2025-03-14 22:47
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.0.2 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.0.2 ZIP artifacts
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Runtimes 1.0.2 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Runtimes 1.0.2 ZIP artifacts\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1285", url: "https://access.redhat.com/errata/RHSA-2023:1285", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1285.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update", tracking: { current_release_date: "2025-03-14T22:47:41+00:00", generator: { date: "2025-03-14T22:47:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1285", initial_release_date: "2023-03-16T07:57:03+00:00", revision_history: [ { date: "2023-03-16T07:57:03+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-16T07:57:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:47:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Migration Toolkit for Runtimes 1 on RHEL 8", product: { name: "Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "Migration Toolkit for Runtimes 1 on RHEL 8", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Runtimes", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-31690", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2023-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162200", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31690", }, { category: "external", summary: "RHBZ#2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31690", url: "https://www.cve.org/CVERecord?id=CVE-2022-31690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", }, { category: "external", summary: "https://spring.io/security/cve-2022-31690", url: "https://spring.io/security/cve-2022-31690", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2022:8965
Vulnerability from csaf_redhat
Published
2022-12-13 14:04
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Notes
Topic
An update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the following security fixes.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8965", url: "https://access.redhat.com/errata/RHSA-2022:8965", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4411", url: "https://issues.redhat.com/browse/CIAM-4411", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8965.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", tracking: { current_release_date: "2025-03-14T22:46:04+00:00", generator: { date: "2025-03-14T22:46:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8965", initial_release_date: "2022-12-13T14:04:59+00:00", revision_history: [ { date: "2022-12-13T14:04:59+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:04:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.1", product: { name: "Red Hat Single Sign-On 7.6.1", product_id: "Red Hat Single Sign-On 7.6.1", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:04:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8965", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:04:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8965", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2023:3185
Vulnerability from csaf_redhat
Published
2023-05-17 13:58
Modified
2025-03-14 23:39
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.10.3 release and security update
Notes
Topic
Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)\n\n* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3185", url: "https://access.redhat.com/errata/RHSA-2023:3185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", }, { category: "external", summary: "2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3185.json", }, ], title: "Red Hat Security Advisory: Red Hat AMQ Broker 7.10.3 release and security update", tracking: { current_release_date: "2025-03-14T23:39:50+00:00", generator: { date: "2025-03-14T23:39:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3185", initial_release_date: "2023-05-17T13:58:49+00:00", revision_history: [ { date: "2023-05-17T13:58:49+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-17T13:58:49+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T23:39:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMQ Broker 7.10.3", product: { name: "AMQ Broker 7.10.3", product_id: "AMQ Broker 7.10.3", product_identification_helper: { cpe: "cpe:/a:redhat:amq_broker:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-22970", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087272", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS via data binding to multipartFile or servlet part", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22970", }, { category: "external", summary: "RHBZ#2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22970", url: "https://www.cve.org/CVERecord?id=CVE-2022-22970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22970", url: "https://tanzu.vmware.com/security/cve-2022-22970", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS via data binding to multipartFile or servlet part", }, { cve: "CVE-2022-22971", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087274", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS with STOMP over WebSocket", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22971", }, { category: "external", summary: "RHBZ#2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22971", url: "https://www.cve.org/CVERecord?id=CVE-2022-22971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22971", url: "https://tanzu.vmware.com/security/cve-2022-22971", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS with STOMP over WebSocket", }, { cve: "CVE-2023-0482", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2166004", }, ], notes: [ { category: "description", text: "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: creation of insecure temp files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0482", }, { category: "external", summary: "RHBZ#2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0482", url: "https://www.cve.org/CVERecord?id=CVE-2023-0482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "RESTEasy: creation of insecure temp files", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, ], }
rhsa-2022_8963
Vulnerability from csaf_redhat
Published
2022-12-13 14:03
Modified
2024-11-22 21:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8963", url: "https://access.redhat.com/errata/RHSA-2022:8963", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8963.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", tracking: { current_release_date: "2024-11-22T21:10:46+00:00", generator: { date: "2024-11-22T21:10:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8963", initial_release_date: "2022-12-13T14:03:11+00:00", revision_history: [ { date: "2022-12-13T14:03:11+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:03:11+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:10:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8963", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8963", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
RHSA-2023:3815
Vulnerability from csaf_redhat
Published
2023-06-27 11:28
Modified
2025-03-24 12:03
Summary
Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
Notes
Topic
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)\n\n* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)\n\n* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3815", url: "https://access.redhat.com/errata/RHSA-2023:3815", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2156333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156333", }, { category: "external", summary: "2158916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158916", }, { category: "external", summary: "2165824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", }, { category: "external", summary: "2181977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181977", }, { category: "external", summary: "2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3815.json", }, ], title: "Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]", tracking: { current_release_date: "2025-03-24T12:03:33+00:00", generator: { date: "2025-03-24T12:03:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3815", initial_release_date: "2023-06-27T11:28:55+00:00", revision_history: [ { date: "2023-06-27T11:28:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-27T11:28:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T12:03:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Service Registry 2.4.3 GA", product: { name: "RHINT Service Registry 2.4.3 GA", product_id: "RHINT Service Registry 2.4.3 GA", product_identification_helper: { cpe: "cpe:/a:redhat:service_registry:2.4", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2022-3509", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184161", }, ], notes: [ { category: "description", text: "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Textformat parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3509", }, { category: "external", summary: "RHBZ#2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Textformat parsing issue leads to DoS", }, { cve: "CVE-2022-3510", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184176", }, ], notes: [ { category: "description", text: "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3510", }, { category: "external", summary: "RHBZ#2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-4742", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156333", }, ], notes: [ { category: "description", text: "A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "json-pointer: prototype pollution in json-pointer", title: "Vulnerability summary", }, { category: "other", text: "The json-pointer is a transitive dependency and is not used directly in any of the Red Hat products. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4742", }, { category: "external", summary: "RHBZ#2156333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156333", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4742", url: "https://www.cve.org/CVERecord?id=CVE-2022-4742", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4742", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4742", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "json-pointer: prototype pollution in json-pointer", }, { cve: "CVE-2022-25881", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2165824", }, ], notes: [ { category: "description", text: "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", title: "Vulnerability description", }, { category: "summary", text: "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25881", }, { category: "external", summary: "RHBZ#2165824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25881", url: "https://www.cve.org/CVERecord?id=CVE-2022-25881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-45787", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158916", }, ], notes: [ { category: "description", text: "A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.", title: "Vulnerability description", }, { category: "summary", text: "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45787", }, { category: "external", summary: "RHBZ#2158916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158916", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45787", url: "https://www.cve.org/CVERecord?id=CVE-2022-45787", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", }, ], release_date: "2023-01-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", }, { cve: "CVE-2023-28867", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2181977", }, ], notes: [ { category: "description", text: "A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "graphql-java: crafted GraphQL query causes stack consumption", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28867", }, { category: "external", summary: "RHBZ#2181977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181977", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28867", url: "https://www.cve.org/CVERecord?id=CVE-2023-28867", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28867", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28867", }, ], release_date: "2023-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "graphql-java: crafted GraphQL query causes stack consumption", }, ], }
rhsa-2023:2135
Vulnerability from csaf_redhat
Published
2023-05-04 15:59
Modified
2025-03-14 23:59
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2135", url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2135.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update", tracking: { current_release_date: "2025-03-14T23:59:20+00:00", generator: { date: "2025-03-14T23:59:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:2135", initial_release_date: "2023-05-04T15:59:31+00:00", revision_history: [ { date: "2023-05-04T15:59:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-04T15:59:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T23:59:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.1 async", product: { name: "RHPAM 7.13.1 async", product_id: "RHPAM 7.13.1 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-4244", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149841", }, ], notes: [ { category: "description", text: "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.", title: "Vulnerability description", }, { category: "summary", text: "codehaus-plexus: Directory Traversal", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Single Sign-On uses this package for testing purposes and is not delivered with the distribution. Hence not affected status.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4244", }, { category: "external", summary: "RHBZ#2149841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149841", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4244", url: "https://www.cve.org/CVERecord?id=CVE-2022-4244", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4244", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4244", }, ], release_date: "2022-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codehaus-plexus: Directory Traversal", }, { cve: "CVE-2022-4245", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149843", }, ], notes: [ { category: "description", text: "A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.", title: "Vulnerability description", }, { category: "summary", text: "codehaus-plexus: XML External Entity (XXE) Injection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4245", }, { category: "external", summary: "RHBZ#2149843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149843", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4245", url: "https://www.cve.org/CVERecord?id=CVE-2022-4245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4245", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4245", }, ], release_date: "2022-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codehaus-plexus: XML External Entity (XXE) Injection", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-42889", cwe: { id: "CWE-1188", name: "Initialization of a Resource with an Insecure Default", }, discovery_date: "2022-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135435", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-text: variable interpolation RCE", title: "Vulnerability summary", }, { category: "other", text: "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42889", }, { category: "external", summary: "RHBZ#2135435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42889", url: "https://www.cve.org/CVERecord?id=CVE-2022-42889", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", }, { category: "external", summary: "https://blogs.apache.org/security/entry/cve-2022-42889", url: "https://blogs.apache.org/security/entry/cve-2022-42889", }, { category: "external", summary: "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", url: "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", }, { category: "external", summary: "https://seclists.org/oss-sec/2022/q4/22", url: "https://seclists.org/oss-sec/2022/q4/22", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { category: "workaround", details: "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", product_ids: [ "RHPAM 7.13.1 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-text: variable interpolation RCE", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1108", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2023-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174246", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: Infinite loop in SslConduit during close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1108", }, { category: "external", summary: "RHBZ#2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1108", url: "https://www.cve.org/CVERecord?id=CVE-2023-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", }, { category: "external", summary: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", url: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Undertow: Infinite loop in SslConduit during close", }, ], }
RHSA-2023:1049
Vulnerability from csaf_redhat
Published
2023-03-01 21:58
Modified
2025-03-25 17:03
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1049", url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "2097007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097007", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2148496", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148496", }, { category: "external", summary: "2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update", tracking: { current_release_date: "2025-03-25T17:03:41+00:00", generator: { date: "2025-03-25T17:03:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1049", initial_release_date: "2023-03-01T21:58:17+00:00", revision_history: [ { date: "2023-03-01T21:58:17+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-01T21:58:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T17:03:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7", product: { name: "Red Hat Single Sign-On 7", product_id: "Red Hat Single Sign-On 7", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Moderate", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2021-35065", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156324", }, ], notes: [ { category: "description", text: "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "glob-parent: Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "other", text: "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-35065", }, { category: "external", summary: "RHBZ#2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-35065", url: "https://www.cve.org/CVERecord?id=CVE-2021-35065", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", url: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "glob-parent: Regular Expression Denial of Service", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { acknowledgments: [ { names: [ "Marcus Nilsson", ], organization: "usd AG", }, ], cve: "CVE-2022-1274", cwe: { id: "CWE-80", name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, discovery_date: "2022-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073157", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: HTML injection in execute-actions-email Admin REST API", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1274", }, { category: "external", summary: "RHBZ#2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1274", url: "https://www.cve.org/CVERecord?id=CVE-2022-1274", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", }, ], release_date: "2023-02-28T18:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: HTML injection in execute-actions-email Admin REST API", }, { acknowledgments: [ { names: [ "Grzegorz Tworek", ], organization: "SISOFT s.c.", }, ], cve: "CVE-2022-1438", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031904", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS on impersonation under specific circumstances", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1438", }, { category: "external", summary: "RHBZ#2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1438", url: "https://www.cve.org/CVERecord?id=CVE-2022-1438", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", }, ], release_date: "2023-02-28T18:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS on impersonation under specific circumstances", }, { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150009", }, ], notes: [ { category: "description", text: "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", title: "Vulnerability description", }, { category: "summary", text: "SnakeYaml: Constructor Deserialization Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it’s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1471", }, { category: "external", summary: "RHBZ#2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1471", url: "https://www.cve.org/CVERecord?id=CVE-2022-1471", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", url: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "SnakeYaml: Constructor Deserialization Remote Code Execution", }, { acknowledgments: [ { names: [ "Aytaç Kalıncı", "Ilker Bulgurcu", "Yasin Yılmaz", ], organization: "NETAŞ PENTEST TEAM", }, ], cve: "CVE-2022-2237", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2097007", }, ], notes: [ { category: "description", text: "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.", title: "Vulnerability description", }, { category: "summary", text: "Adapter: Open redirect vulnerability in checkSSO", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2237", }, { category: "external", summary: "RHBZ#2097007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097007", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2237", url: "https://www.cve.org/CVERecord?id=CVE-2022-2237", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", }, ], release_date: "2023-03-01T13:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Adapter: Open redirect vulnerability in checkSSO", }, { cve: "CVE-2022-2764", discovery_date: "2022-08-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117506", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2764", }, { category: "external", summary: "RHBZ#2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2764", url: "https://www.cve.org/CVERecord?id=CVE-2022-2764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", }, ], release_date: "2022-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, { cve: "CVE-2022-4137", cwe: { id: "CWE-81", name: "Improper Neutralization of Script in an Error Message Web Page", }, discovery_date: "2022-11-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2148496", }, ], notes: [ { category: "description", text: "A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: reflected XSS attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4137", }, { category: "external", summary: "RHBZ#2148496", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148496", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4137", url: "https://www.cve.org/CVERecord?id=CVE-2022-4137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", }, ], release_date: "2023-03-01T13:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: reflected XSS attack", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, { cve: "CVE-2022-37603", cwe: { id: "CWE-185", name: "Incorrect Regular Expression", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2140597", }, ], notes: [ { category: "description", text: "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: Regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37603", }, { category: "external", summary: "RHBZ#2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37603", url: "https://www.cve.org/CVERecord?id=CVE-2022-37603", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: Regular expression denial of service", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46175", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156263", }, ], notes: [ { category: "description", text: "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", title: "Vulnerability description", }, { category: "summary", text: "json5: Prototype Pollution in JSON5 via Parse Method", title: "Vulnerability summary", }, { category: "other", text: "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46175", }, { category: "external", summary: "RHBZ#2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46175", url: "https://www.cve.org/CVERecord?id=CVE-2022-46175", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", }, { category: "external", summary: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", }, ], release_date: "2022-12-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "json5: Prototype Pollution in JSON5 via Parse Method", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { acknowledgments: [ { names: [ "Sourav Kumar", ], organization: "https://github.com/souravs17031999", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0091", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Client Registration endpoint does not check token revocation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0091", }, { category: "external", summary: "RHBZ#2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0091", url: "https://www.cve.org/CVERecord?id=CVE-2023-0091", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", }, { category: "external", summary: "https://github.com/keycloak/security/issues/27", url: "https://github.com/keycloak/security/issues/27", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "keycloak: Client Registration endpoint does not check token revocation", }, { acknowledgments: [ { names: [ "Jordi Zayuelas i Muñoz", ], organization: "A1 Digital", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0264", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2160585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: user impersonation via stolen uuid code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0264", }, { category: "external", summary: "RHBZ#2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0264", url: "https://www.cve.org/CVERecord?id=CVE-2023-0264", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", }, ], release_date: "2023-02-28T18:58:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: user impersonation via stolen uuid code", }, ], }
rhsa-2022_8962
Vulnerability from csaf_redhat
Published
2022-12-13 14:03
Modified
2024-11-22 21:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8962", url: "https://access.redhat.com/errata/RHSA-2022:8962", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8962.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", tracking: { current_release_date: "2024-11-22T21:10:32+00:00", generator: { date: "2024-11-22T21:10:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8962", initial_release_date: "2022-12-13T14:03:05+00:00", revision_history: [ { date: "2022-12-13T14:03:05+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:03:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:10:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8962", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8962", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2023:3815
Vulnerability from csaf_redhat
Published
2023-06-27 11:28
Modified
2025-03-24 12:03
Summary
Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
Notes
Topic
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)\n\n* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)\n\n* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3815", url: "https://access.redhat.com/errata/RHSA-2023:3815", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2156333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156333", }, { category: "external", summary: "2158916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158916", }, { category: "external", summary: "2165824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", }, { category: "external", summary: "2181977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181977", }, { category: "external", summary: "2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3815.json", }, ], title: "Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]", tracking: { current_release_date: "2025-03-24T12:03:33+00:00", generator: { date: "2025-03-24T12:03:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3815", initial_release_date: "2023-06-27T11:28:55+00:00", revision_history: [ { date: "2023-06-27T11:28:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-27T11:28:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T12:03:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Service Registry 2.4.3 GA", product: { name: "RHINT Service Registry 2.4.3 GA", product_id: "RHINT Service Registry 2.4.3 GA", product_identification_helper: { cpe: "cpe:/a:redhat:service_registry:2.4", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2022-3509", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184161", }, ], notes: [ { category: "description", text: "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Textformat parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3509", }, { category: "external", summary: "RHBZ#2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Textformat parsing issue leads to DoS", }, { cve: "CVE-2022-3510", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184176", }, ], notes: [ { category: "description", text: "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3510", }, { category: "external", summary: "RHBZ#2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-4742", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156333", }, ], notes: [ { category: "description", text: "A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "json-pointer: prototype pollution in json-pointer", title: "Vulnerability summary", }, { category: "other", text: "The json-pointer is a transitive dependency and is not used directly in any of the Red Hat products. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4742", }, { category: "external", summary: "RHBZ#2156333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156333", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4742", url: "https://www.cve.org/CVERecord?id=CVE-2022-4742", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4742", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4742", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "json-pointer: prototype pollution in json-pointer", }, { cve: "CVE-2022-25881", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2165824", }, ], notes: [ { category: "description", text: "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", title: "Vulnerability description", }, { category: "summary", text: "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25881", }, { category: "external", summary: "RHBZ#2165824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25881", url: "https://www.cve.org/CVERecord?id=CVE-2022-25881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-45787", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158916", }, ], notes: [ { category: "description", text: "A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.", title: "Vulnerability description", }, { category: "summary", text: "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45787", }, { category: "external", summary: "RHBZ#2158916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158916", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45787", url: "https://www.cve.org/CVERecord?id=CVE-2022-45787", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", }, ], release_date: "2023-01-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", }, { cve: "CVE-2023-28867", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2181977", }, ], notes: [ { category: "description", text: "A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "graphql-java: crafted GraphQL query causes stack consumption", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28867", }, { category: "external", summary: "RHBZ#2181977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181977", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28867", url: "https://www.cve.org/CVERecord?id=CVE-2023-28867", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28867", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28867", }, ], release_date: "2023-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "graphql-java: crafted GraphQL query causes stack consumption", }, ], }
RHSA-2022:8965
Vulnerability from csaf_redhat
Published
2022-12-13 14:04
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Notes
Topic
An update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the following security fixes.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8965", url: "https://access.redhat.com/errata/RHSA-2022:8965", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4411", url: "https://issues.redhat.com/browse/CIAM-4411", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8965.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", tracking: { current_release_date: "2025-03-14T22:46:04+00:00", generator: { date: "2025-03-14T22:46:04+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8965", initial_release_date: "2022-12-13T14:04:59+00:00", revision_history: [ { date: "2022-12-13T14:04:59+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:04:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:04+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.1", product: { name: "Red Hat Single Sign-On 7.6.1", product_id: "Red Hat Single Sign-On 7.6.1", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:04:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8965", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:04:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8965", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
RHSA-2022:8961
Vulnerability from csaf_redhat
Published
2022-12-13 14:02
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8961", url: "https://access.redhat.com/errata/RHSA-2022:8961", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8961.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", tracking: { current_release_date: "2025-03-14T22:46:44+00:00", generator: { date: "2025-03-14T22:46:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8961", initial_release_date: "2022-12-13T14:02:36+00:00", revision_history: [ { date: "2022-12-13T14:02:36+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:02:36+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:02:36+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8961", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:02:36+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8961", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
RHSA-2022:8964
Vulnerability from csaf_redhat
Published
2022-12-13 15:29
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Notes
Topic
Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8964", url: "https://access.redhat.com/errata/RHSA-2022:8964", }, { category: "external", summary: "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8", url: "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4412", url: "https://issues.redhat.com/browse/CIAM-4412", }, { category: "external", summary: "CIAM-4413", url: "https://issues.redhat.com/browse/CIAM-4413", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8964.json", }, ], title: "Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images", tracking: { current_release_date: "2025-03-14T22:46:20+00:00", generator: { date: "2025-03-14T22:46:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8964", initial_release_date: "2022-12-13T15:29:04+00:00", revision_history: [ { date: "2022-12-13T15:29:04+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T15:29:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product: { name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product_id: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator-bundle&tag=7.6.1-8", }, }, }, { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", }, product_reference: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], known_not_affected: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T15:29:04+00:00", details: "The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8964", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], known_not_affected: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T15:29:04+00:00", details: "The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8964", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
RHSA-2022:8963
Vulnerability from csaf_redhat
Published
2022-12-13 14:03
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8963", url: "https://access.redhat.com/errata/RHSA-2022:8963", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8963.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", tracking: { current_release_date: "2025-03-14T22:46:12+00:00", generator: { date: "2025-03-14T22:46:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8963", initial_release_date: "2022-12-13T14:03:11+00:00", revision_history: [ { date: "2022-12-13T14:03:11+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:03:11+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8963", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8963", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
RHSA-2022:8962
Vulnerability from csaf_redhat
Published
2022-12-13 14:03
Modified
2025-03-14 22:45
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8962", url: "https://access.redhat.com/errata/RHSA-2022:8962", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8962.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", tracking: { current_release_date: "2025-03-14T22:45:55+00:00", generator: { date: "2025-03-14T22:45:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8962", initial_release_date: "2022-12-13T14:03:05+00:00", revision_history: [ { date: "2022-12-13T14:03:05+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:03:05+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:45:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8962", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8962", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2023_1285
Vulnerability from csaf_redhat
Published
2023-03-16 07:57
Modified
2024-12-16 03:15
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.0.2 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.0.2 ZIP artifacts
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Runtimes 1.0.2 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Runtimes 1.0.2 ZIP artifacts\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1285", url: "https://access.redhat.com/errata/RHSA-2023:1285", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1285.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update", tracking: { current_release_date: "2024-12-16T03:15:20+00:00", generator: { date: "2024-12-16T03:15:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:1285", initial_release_date: "2023-03-16T07:57:03+00:00", revision_history: [ { date: "2023-03-16T07:57:03+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-16T07:57:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T03:15:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Migration Toolkit for Runtimes 1 on RHEL 8", product: { name: "Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "Migration Toolkit for Runtimes 1 on RHEL 8", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Runtimes", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-31690", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2023-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162200", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31690", }, { category: "external", summary: "RHBZ#2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31690", url: "https://www.cve.org/CVERecord?id=CVE-2022-31690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", }, { category: "external", summary: "https://spring.io/security/cve-2022-31690", url: "https://spring.io/security/cve-2022-31690", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
RHSA-2023:2041
Vulnerability from csaf_redhat
Published
2023-04-27 00:48
Modified
2025-03-14 22:49
Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Notes
Topic
Migration Toolkit for Applications 6.1.0 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Applications 6.1.0 Images
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Applications 6.1.0 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Applications 6.1.0 Images\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2041", url: "https://access.redhat.com/errata/RHSA-2023:2041", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "MTA-118", url: "https://issues.redhat.com/browse/MTA-118", }, { category: "external", summary: "MTA-123", url: "https://issues.redhat.com/browse/MTA-123", }, { category: "external", summary: "MTA-129", url: "https://issues.redhat.com/browse/MTA-129", }, { category: "external", summary: "MTA-160", url: "https://issues.redhat.com/browse/MTA-160", }, { category: "external", summary: "MTA-204", url: "https://issues.redhat.com/browse/MTA-204", }, { category: "external", summary: "MTA-256", url: "https://issues.redhat.com/browse/MTA-256", }, { category: "external", summary: "MTA-260", url: "https://issues.redhat.com/browse/MTA-260", }, { category: "external", summary: "MTA-261", url: "https://issues.redhat.com/browse/MTA-261", }, { category: "external", summary: "MTA-263", url: "https://issues.redhat.com/browse/MTA-263", }, { category: "external", summary: "MTA-267", url: "https://issues.redhat.com/browse/MTA-267", }, { category: "external", summary: "MTA-268", url: "https://issues.redhat.com/browse/MTA-268", }, { category: "external", summary: "MTA-279", url: "https://issues.redhat.com/browse/MTA-279", }, { category: "external", summary: "MTA-28", url: "https://issues.redhat.com/browse/MTA-28", }, { category: "external", summary: "MTA-282", url: "https://issues.redhat.com/browse/MTA-282", }, { category: "external", summary: "MTA-283", url: "https://issues.redhat.com/browse/MTA-283", }, { category: "external", summary: "MTA-284", url: "https://issues.redhat.com/browse/MTA-284", }, { category: "external", summary: "MTA-29", url: "https://issues.redhat.com/browse/MTA-29", }, { category: "external", summary: "MTA-297", url: "https://issues.redhat.com/browse/MTA-297", }, { category: "external", summary: "MTA-298", url: "https://issues.redhat.com/browse/MTA-298", }, { category: "external", summary: "MTA-299", url: "https://issues.redhat.com/browse/MTA-299", }, { category: "external", summary: "MTA-300", url: "https://issues.redhat.com/browse/MTA-300", }, { category: "external", summary: "MTA-303", url: "https://issues.redhat.com/browse/MTA-303", }, { category: "external", summary: "MTA-304", url: "https://issues.redhat.com/browse/MTA-304", }, { category: "external", summary: "MTA-306", url: "https://issues.redhat.com/browse/MTA-306", }, { category: "external", summary: "MTA-311", url: "https://issues.redhat.com/browse/MTA-311", }, { category: "external", summary: "MTA-314", url: "https://issues.redhat.com/browse/MTA-314", }, { category: "external", summary: "MTA-330", url: "https://issues.redhat.com/browse/MTA-330", }, { category: "external", summary: "MTA-332", url: "https://issues.redhat.com/browse/MTA-332", }, { category: "external", summary: "MTA-34", url: "https://issues.redhat.com/browse/MTA-34", }, { category: "external", summary: "MTA-345", url: "https://issues.redhat.com/browse/MTA-345", }, { category: "external", summary: "MTA-35", url: "https://issues.redhat.com/browse/MTA-35", }, { category: "external", summary: "MTA-350", url: "https://issues.redhat.com/browse/MTA-350", }, { category: "external", summary: "MTA-351", url: "https://issues.redhat.com/browse/MTA-351", }, { category: "external", summary: "MTA-356", url: "https://issues.redhat.com/browse/MTA-356", }, { category: "external", summary: "MTA-363", url: "https://issues.redhat.com/browse/MTA-363", }, { category: "external", summary: "MTA-364", url: "https://issues.redhat.com/browse/MTA-364", }, { category: "external", summary: "MTA-366", url: "https://issues.redhat.com/browse/MTA-366", }, { category: "external", summary: "MTA-367", url: "https://issues.redhat.com/browse/MTA-367", }, { category: "external", summary: "MTA-369", url: "https://issues.redhat.com/browse/MTA-369", }, { category: "external", summary: "MTA-375", url: "https://issues.redhat.com/browse/MTA-375", }, { category: "external", summary: "MTA-377", url: "https://issues.redhat.com/browse/MTA-377", }, { category: "external", summary: "MTA-378", url: "https://issues.redhat.com/browse/MTA-378", }, { category: "external", summary: "MTA-38", url: "https://issues.redhat.com/browse/MTA-38", }, { category: "external", summary: "MTA-381", url: "https://issues.redhat.com/browse/MTA-381", }, { category: "external", summary: "MTA-382", url: "https://issues.redhat.com/browse/MTA-382", }, { category: "external", summary: "MTA-388", url: "https://issues.redhat.com/browse/MTA-388", }, { category: "external", summary: "MTA-389", url: "https://issues.redhat.com/browse/MTA-389", }, { category: "external", summary: "MTA-391", url: "https://issues.redhat.com/browse/MTA-391", }, { category: "external", summary: "MTA-392", url: "https://issues.redhat.com/browse/MTA-392", }, { category: "external", summary: "MTA-41", url: "https://issues.redhat.com/browse/MTA-41", }, { category: "external", summary: "MTA-412", url: "https://issues.redhat.com/browse/MTA-412", }, { category: "external", summary: "MTA-428", url: "https://issues.redhat.com/browse/MTA-428", }, { category: "external", summary: "MTA-430", url: "https://issues.redhat.com/browse/MTA-430", }, { category: "external", summary: "MTA-438", url: "https://issues.redhat.com/browse/MTA-438", }, { category: "external", summary: "MTA-439", url: "https://issues.redhat.com/browse/MTA-439", }, { category: "external", summary: "MTA-443", url: "https://issues.redhat.com/browse/MTA-443", }, { category: "external", summary: "MTA-50", url: "https://issues.redhat.com/browse/MTA-50", }, { category: "external", summary: "MTA-51", url: "https://issues.redhat.com/browse/MTA-51", }, { category: "external", summary: "MTA-52", url: "https://issues.redhat.com/browse/MTA-52", }, { category: "external", summary: "MTA-55", url: "https://issues.redhat.com/browse/MTA-55", }, { category: "external", summary: "MTA-78", url: "https://issues.redhat.com/browse/MTA-78", }, { category: "external", summary: "MTA-99", url: "https://issues.redhat.com/browse/MTA-99", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2041.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update", tracking: { current_release_date: "2025-03-14T22:49:44+00:00", generator: { date: "2025-03-14T22:49:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:2041", initial_release_date: "2023-04-27T00:48:48+00:00", revision_history: [ { date: "2023-04-27T00:48:48+00:00", number: "1", summary: "Initial version", }, { date: "2023-04-27T00:48:48+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:49:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "MTA 6.1 for RHEL 8", product: { name: "MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.1::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Applications", }, { branches: [ { category: "product_version", name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product: { name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product_id: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product_identification_helper: { purl: "pkg:oci/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166?arch=amd64&repository_url=registry.redhat.io/mta/mta-hub-rhel8&tag=6.1.0-10", }, }, }, { category: "product_version", name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product: { name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product_id: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product_identification_helper: { purl: "pkg:oci/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35?arch=amd64&repository_url=registry.redhat.io/mta/mta-operator-bundle&tag=6.1.0-16", }, }, }, { category: "product_version", name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product: { name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product_id: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product_identification_helper: { purl: "pkg:oci/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09?arch=amd64&repository_url=registry.redhat.io/mta/mta-rhel8-operator&tag=6.1.0-11", }, }, }, { category: "product_version", name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product: { name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product_id: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product_identification_helper: { purl: "pkg:oci/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46?arch=amd64&repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8&tag=6.1.0-7", }, }, }, { category: "product_version", name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product: { name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product_id: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product_identification_helper: { purl: "pkg:oci/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685?arch=amd64&repository_url=registry.redhat.io/mta/mta-ui-rhel8&tag=6.1.0-13", }, }, }, { category: "product_version", name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product: { name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product_id: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product_identification_helper: { purl: "pkg:oci/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0?arch=amd64&repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8&tag=6.1.0-11", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", }, product_reference: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", }, product_reference: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", }, product_reference: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", }, product_reference: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", }, product_reference: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", }, product_reference: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-31690", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2023-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162200", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31690", }, { category: "external", summary: "RHBZ#2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31690", url: "https://www.cve.org/CVERecord?id=CVE-2022-31690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", }, { category: "external", summary: "https://spring.io/security/cve-2022-31690", url: "https://spring.io/security/cve-2022-31690", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2022:8963
Vulnerability from csaf_redhat
Published
2022-12-13 14:03
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8963", url: "https://access.redhat.com/errata/RHSA-2022:8963", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8963.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", tracking: { current_release_date: "2025-03-14T22:46:12+00:00", generator: { date: "2025-03-14T22:46:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8963", initial_release_date: "2022-12-13T14:03:11+00:00", revision_history: [ { date: "2022-12-13T14:03:11+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:03:11+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8963", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8963", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2022:8964
Vulnerability from csaf_redhat
Published
2022-12-13 15:29
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Notes
Topic
Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8964", url: "https://access.redhat.com/errata/RHSA-2022:8964", }, { category: "external", summary: "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8", url: "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4412", url: "https://issues.redhat.com/browse/CIAM-4412", }, { category: "external", summary: "CIAM-4413", url: "https://issues.redhat.com/browse/CIAM-4413", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8964.json", }, ], title: "Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images", tracking: { current_release_date: "2025-03-14T22:46:20+00:00", generator: { date: "2025-03-14T22:46:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8964", initial_release_date: "2022-12-13T15:29:04+00:00", revision_history: [ { date: "2022-12-13T15:29:04+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T15:29:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product: { name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product_id: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator-bundle&tag=7.6.1-8", }, }, }, { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", }, product_reference: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], known_not_affected: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T15:29:04+00:00", details: "The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8964", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], known_not_affected: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T15:29:04+00:00", details: "The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8964", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2022:8962
Vulnerability from csaf_redhat
Published
2022-12-13 14:03
Modified
2025-03-14 22:45
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8962", url: "https://access.redhat.com/errata/RHSA-2022:8962", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8962.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", tracking: { current_release_date: "2025-03-14T22:45:55+00:00", generator: { date: "2025-03-14T22:45:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8962", initial_release_date: "2022-12-13T14:03:05+00:00", revision_history: [ { date: "2022-12-13T14:03:05+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:03:05+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:45:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8962", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:03:05+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8962", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
RHSA-2023:1047
Vulnerability from csaf_redhat
Published
2023-03-01 21:46
Modified
2025-03-25 11:31
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.2, running on Red
Hat OpenShift Container Platform from the release of 3.11 up to the release
of 4.12.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use
within the Red Hat OpenShift Container Platform (from the release of 3.11
up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)
for on-premise or private cloud deployments, aligning with the standalone
product release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1047", url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "2143416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1047.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", tracking: { current_release_date: "2025-03-25T11:31:16+00:00", generator: { date: "2025-03-25T11:31:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1047", initial_release_date: "2023-03-01T21:46:46+00:00", revision_history: [ { date: "2023-03-01T21:46:46+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-01T21:46:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T11:31:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2021-35065", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156324", }, ], notes: [ { category: "description", text: "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "glob-parent: Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "other", text: "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-35065", }, { category: "external", summary: "RHBZ#2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-35065", url: "https://www.cve.org/CVERecord?id=CVE-2021-35065", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", url: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "glob-parent: Regular Expression Denial of Service", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { acknowledgments: [ { names: [ "Marcus Nilsson", ], organization: "usd AG", }, ], cve: "CVE-2022-1274", cwe: { id: "CWE-80", name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, discovery_date: "2022-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073157", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: HTML injection in execute-actions-email Admin REST API", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1274", }, { category: "external", summary: "RHBZ#2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1274", url: "https://www.cve.org/CVERecord?id=CVE-2022-1274", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", }, ], release_date: "2023-02-28T18:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: HTML injection in execute-actions-email Admin REST API", }, { acknowledgments: [ { names: [ "Grzegorz Tworek", ], organization: "SISOFT s.c.", }, ], cve: "CVE-2022-1438", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031904", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS on impersonation under specific circumstances", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1438", }, { category: "external", summary: "RHBZ#2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1438", url: "https://www.cve.org/CVERecord?id=CVE-2022-1438", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", }, ], release_date: "2023-02-28T18:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS on impersonation under specific circumstances", }, { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150009", }, ], notes: [ { category: "description", text: "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", title: "Vulnerability description", }, { category: "summary", text: "SnakeYaml: Constructor Deserialization Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it’s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1471", }, { category: "external", summary: "RHBZ#2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1471", url: "https://www.cve.org/CVERecord?id=CVE-2022-1471", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", url: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "SnakeYaml: Constructor Deserialization Remote Code Execution", }, { cve: "CVE-2022-2764", discovery_date: "2022-08-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117506", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2764", }, { category: "external", summary: "RHBZ#2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2764", url: "https://www.cve.org/CVERecord?id=CVE-2022-2764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", }, ], release_date: "2022-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, { acknowledgments: [ { names: [ "Thibault Guittet", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-4039", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, discovery_date: "2022-11-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2143416", }, ], notes: [ { category: "description", text: "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.", title: "Vulnerability description", }, { category: "summary", text: "rhsso-container-image: unsecured management interface exposed to adjecent network", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4039", }, { category: "external", summary: "RHBZ#2143416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4039", url: "https://www.cve.org/CVERecord?id=CVE-2022-4039", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", }, ], release_date: "2023-02-28T21:26:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "rhsso-container-image: unsecured management interface exposed to adjecent network", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, { cve: "CVE-2022-37603", cwe: { id: "CWE-185", name: "Incorrect Regular Expression", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2140597", }, ], notes: [ { category: "description", text: "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: Regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37603", }, { category: "external", summary: "RHBZ#2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37603", url: "https://www.cve.org/CVERecord?id=CVE-2022-37603", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: Regular expression denial of service", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46175", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156263", }, ], notes: [ { category: "description", text: "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", title: "Vulnerability description", }, { category: "summary", text: "json5: Prototype Pollution in JSON5 via Parse Method", title: "Vulnerability summary", }, { category: "other", text: "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46175", }, { category: "external", summary: "RHBZ#2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46175", url: "https://www.cve.org/CVERecord?id=CVE-2022-46175", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", }, { category: "external", summary: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", }, ], release_date: "2022-12-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "json5: Prototype Pollution in JSON5 via Parse Method", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { acknowledgments: [ { names: [ "Sourav Kumar", ], organization: "https://github.com/souravs17031999", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0091", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Client Registration endpoint does not check token revocation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0091", }, { category: "external", summary: "RHBZ#2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0091", url: "https://www.cve.org/CVERecord?id=CVE-2023-0091", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", }, { category: "external", summary: "https://github.com/keycloak/security/issues/27", url: "https://github.com/keycloak/security/issues/27", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "keycloak: Client Registration endpoint does not check token revocation", }, { acknowledgments: [ { names: [ "Jordi Zayuelas i Muñoz", ], organization: "A1 Digital", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0264", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2160585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: user impersonation via stolen uuid code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0264", }, { category: "external", summary: "RHBZ#2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0264", url: "https://www.cve.org/CVERecord?id=CVE-2023-0264", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", }, ], release_date: "2023-02-28T18:58:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: user impersonation via stolen uuid code", }, ], }
rhsa-2023:2041
Vulnerability from csaf_redhat
Published
2023-04-27 00:48
Modified
2025-03-14 22:49
Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Notes
Topic
Migration Toolkit for Applications 6.1.0 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Applications 6.1.0 Images
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Applications 6.1.0 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Applications 6.1.0 Images\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2041", url: "https://access.redhat.com/errata/RHSA-2023:2041", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "MTA-118", url: "https://issues.redhat.com/browse/MTA-118", }, { category: "external", summary: "MTA-123", url: "https://issues.redhat.com/browse/MTA-123", }, { category: "external", summary: "MTA-129", url: "https://issues.redhat.com/browse/MTA-129", }, { category: "external", summary: "MTA-160", url: "https://issues.redhat.com/browse/MTA-160", }, { category: "external", summary: "MTA-204", url: "https://issues.redhat.com/browse/MTA-204", }, { category: "external", summary: "MTA-256", url: "https://issues.redhat.com/browse/MTA-256", }, { category: "external", summary: "MTA-260", url: "https://issues.redhat.com/browse/MTA-260", }, { category: "external", summary: "MTA-261", url: "https://issues.redhat.com/browse/MTA-261", }, { category: "external", summary: "MTA-263", url: "https://issues.redhat.com/browse/MTA-263", }, { category: "external", summary: "MTA-267", url: "https://issues.redhat.com/browse/MTA-267", }, { category: "external", summary: "MTA-268", url: "https://issues.redhat.com/browse/MTA-268", }, { category: "external", summary: "MTA-279", url: "https://issues.redhat.com/browse/MTA-279", }, { category: "external", summary: "MTA-28", url: "https://issues.redhat.com/browse/MTA-28", }, { category: "external", summary: "MTA-282", url: "https://issues.redhat.com/browse/MTA-282", }, { category: "external", summary: "MTA-283", url: "https://issues.redhat.com/browse/MTA-283", }, { category: "external", summary: "MTA-284", url: "https://issues.redhat.com/browse/MTA-284", }, { category: "external", summary: "MTA-29", url: "https://issues.redhat.com/browse/MTA-29", }, { category: "external", summary: "MTA-297", url: "https://issues.redhat.com/browse/MTA-297", }, { category: "external", summary: "MTA-298", url: "https://issues.redhat.com/browse/MTA-298", }, { category: "external", summary: "MTA-299", url: "https://issues.redhat.com/browse/MTA-299", }, { category: "external", summary: "MTA-300", url: "https://issues.redhat.com/browse/MTA-300", }, { category: "external", summary: "MTA-303", url: "https://issues.redhat.com/browse/MTA-303", }, { category: "external", summary: "MTA-304", url: "https://issues.redhat.com/browse/MTA-304", }, { category: "external", summary: "MTA-306", url: "https://issues.redhat.com/browse/MTA-306", }, { category: "external", summary: "MTA-311", url: "https://issues.redhat.com/browse/MTA-311", }, { category: "external", summary: "MTA-314", url: "https://issues.redhat.com/browse/MTA-314", }, { category: "external", summary: "MTA-330", url: "https://issues.redhat.com/browse/MTA-330", }, { category: "external", summary: "MTA-332", url: "https://issues.redhat.com/browse/MTA-332", }, { category: "external", summary: "MTA-34", url: "https://issues.redhat.com/browse/MTA-34", }, { category: "external", summary: "MTA-345", url: "https://issues.redhat.com/browse/MTA-345", }, { category: "external", summary: "MTA-35", url: "https://issues.redhat.com/browse/MTA-35", }, { category: "external", summary: "MTA-350", url: "https://issues.redhat.com/browse/MTA-350", }, { category: "external", summary: "MTA-351", url: "https://issues.redhat.com/browse/MTA-351", }, { category: "external", summary: "MTA-356", url: "https://issues.redhat.com/browse/MTA-356", }, { category: "external", summary: "MTA-363", url: "https://issues.redhat.com/browse/MTA-363", }, { category: "external", summary: "MTA-364", url: "https://issues.redhat.com/browse/MTA-364", }, { category: "external", summary: "MTA-366", url: "https://issues.redhat.com/browse/MTA-366", }, { category: "external", summary: "MTA-367", url: "https://issues.redhat.com/browse/MTA-367", }, { category: "external", summary: "MTA-369", url: "https://issues.redhat.com/browse/MTA-369", }, { category: "external", summary: "MTA-375", url: "https://issues.redhat.com/browse/MTA-375", }, { category: "external", summary: "MTA-377", url: "https://issues.redhat.com/browse/MTA-377", }, { category: "external", summary: "MTA-378", url: "https://issues.redhat.com/browse/MTA-378", }, { category: "external", summary: "MTA-38", url: "https://issues.redhat.com/browse/MTA-38", }, { category: "external", summary: "MTA-381", url: "https://issues.redhat.com/browse/MTA-381", }, { category: "external", summary: "MTA-382", url: "https://issues.redhat.com/browse/MTA-382", }, { category: "external", summary: "MTA-388", url: "https://issues.redhat.com/browse/MTA-388", }, { category: "external", summary: "MTA-389", url: "https://issues.redhat.com/browse/MTA-389", }, { category: "external", summary: "MTA-391", url: "https://issues.redhat.com/browse/MTA-391", }, { category: "external", summary: "MTA-392", url: "https://issues.redhat.com/browse/MTA-392", }, { category: "external", summary: "MTA-41", url: "https://issues.redhat.com/browse/MTA-41", }, { category: "external", summary: "MTA-412", url: "https://issues.redhat.com/browse/MTA-412", }, { category: "external", summary: "MTA-428", url: "https://issues.redhat.com/browse/MTA-428", }, { category: "external", summary: "MTA-430", url: "https://issues.redhat.com/browse/MTA-430", }, { category: "external", summary: "MTA-438", url: "https://issues.redhat.com/browse/MTA-438", }, { category: "external", summary: "MTA-439", url: "https://issues.redhat.com/browse/MTA-439", }, { category: "external", summary: "MTA-443", url: "https://issues.redhat.com/browse/MTA-443", }, { category: "external", summary: "MTA-50", url: "https://issues.redhat.com/browse/MTA-50", }, { category: "external", summary: "MTA-51", url: "https://issues.redhat.com/browse/MTA-51", }, { category: "external", summary: "MTA-52", url: "https://issues.redhat.com/browse/MTA-52", }, { category: "external", summary: "MTA-55", url: "https://issues.redhat.com/browse/MTA-55", }, { category: "external", summary: "MTA-78", url: "https://issues.redhat.com/browse/MTA-78", }, { category: "external", summary: "MTA-99", url: "https://issues.redhat.com/browse/MTA-99", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2041.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update", tracking: { current_release_date: "2025-03-14T22:49:44+00:00", generator: { date: "2025-03-14T22:49:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:2041", initial_release_date: "2023-04-27T00:48:48+00:00", revision_history: [ { date: "2023-04-27T00:48:48+00:00", number: "1", summary: "Initial version", }, { date: "2023-04-27T00:48:48+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:49:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "MTA 6.1 for RHEL 8", product: { name: "MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.1::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Applications", }, { branches: [ { category: "product_version", name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product: { name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product_id: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", product_identification_helper: { purl: "pkg:oci/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166?arch=amd64&repository_url=registry.redhat.io/mta/mta-hub-rhel8&tag=6.1.0-10", }, }, }, { category: "product_version", name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product: { name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product_id: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", product_identification_helper: { purl: "pkg:oci/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35?arch=amd64&repository_url=registry.redhat.io/mta/mta-operator-bundle&tag=6.1.0-16", }, }, }, { category: "product_version", name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product: { name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product_id: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", product_identification_helper: { purl: "pkg:oci/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09?arch=amd64&repository_url=registry.redhat.io/mta/mta-rhel8-operator&tag=6.1.0-11", }, }, }, { category: "product_version", name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product: { name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product_id: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", product_identification_helper: { purl: "pkg:oci/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46?arch=amd64&repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8&tag=6.1.0-7", }, }, }, { category: "product_version", name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product: { name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product_id: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", product_identification_helper: { purl: "pkg:oci/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685?arch=amd64&repository_url=registry.redhat.io/mta/mta-ui-rhel8&tag=6.1.0-13", }, }, }, { category: "product_version", name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product: { name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product_id: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", product_identification_helper: { purl: "pkg:oci/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0?arch=amd64&repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8&tag=6.1.0-11", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", }, product_reference: "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", }, product_reference: "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", }, product_reference: "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", }, product_reference: "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", }, product_reference: "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, { category: "default_component_of", full_product_name: { name: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 as a component of MTA 6.1 for RHEL 8", product_id: "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", }, product_reference: "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", relates_to_product_reference: "8Base-MTA-6.1", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-31690", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2023-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162200", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31690", }, { category: "external", summary: "RHBZ#2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31690", url: "https://www.cve.org/CVERecord?id=CVE-2022-31690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", }, { category: "external", summary: "https://spring.io/security/cve-2022-31690", url: "https://spring.io/security/cve-2022-31690", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], known_not_affected: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-27T00:48:48+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2041", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64", "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64", "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64", "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64", "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64", "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
RHSA-2023:3185
Vulnerability from csaf_redhat
Published
2023-05-17 13:58
Modified
2025-03-14 23:39
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.10.3 release and security update
Notes
Topic
Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)\n\n* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3185", url: "https://access.redhat.com/errata/RHSA-2023:3185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", }, { category: "external", summary: "2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3185.json", }, ], title: "Red Hat Security Advisory: Red Hat AMQ Broker 7.10.3 release and security update", tracking: { current_release_date: "2025-03-14T23:39:50+00:00", generator: { date: "2025-03-14T23:39:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3185", initial_release_date: "2023-05-17T13:58:49+00:00", revision_history: [ { date: "2023-05-17T13:58:49+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-17T13:58:49+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T23:39:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMQ Broker 7.10.3", product: { name: "AMQ Broker 7.10.3", product_id: "AMQ Broker 7.10.3", product_identification_helper: { cpe: "cpe:/a:redhat:amq_broker:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-22970", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087272", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS via data binding to multipartFile or servlet part", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22970", }, { category: "external", summary: "RHBZ#2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22970", url: "https://www.cve.org/CVERecord?id=CVE-2022-22970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22970", url: "https://tanzu.vmware.com/security/cve-2022-22970", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS via data binding to multipartFile or servlet part", }, { cve: "CVE-2022-22971", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087274", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS with STOMP over WebSocket", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22971", }, { category: "external", summary: "RHBZ#2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22971", url: "https://www.cve.org/CVERecord?id=CVE-2022-22971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22971", url: "https://tanzu.vmware.com/security/cve-2022-22971", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS with STOMP over WebSocket", }, { cve: "CVE-2023-0482", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2166004", }, ], notes: [ { category: "description", text: "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: creation of insecure temp files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0482", }, { category: "external", summary: "RHBZ#2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0482", url: "https://www.cve.org/CVERecord?id=CVE-2023-0482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "RESTEasy: creation of insecure temp files", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, ], }
rhsa-2023:1661
Vulnerability from csaf_redhat
Published
2023-04-05 13:34
Modified
2025-03-16 06:47
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update
Notes
Topic
Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* WildFly: possible information disclosure (CVE-2022-1278)
* jetty-http: improver hostname input handling (CVE-2022-2047)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)\n\n* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)\n\n* WildFly: possible information disclosure (CVE-2022-1278)\n\n* jetty-http: improver hostname input handling (CVE-2022-2047)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1661", url: "https://access.redhat.com/errata/RHSA-2023:1661", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", }, { category: "external", summary: "2073401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073401", }, { category: "external", summary: "2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "2116949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116949", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1661.json", }, ], title: "Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update", tracking: { current_release_date: "2025-03-16T06:47:16+00:00", generator: { date: "2025-03-16T06:47:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1661", initial_release_date: "2023-04-05T13:34:59+00:00", revision_history: [ { date: "2023-04-05T13:34:59+00:00", number: "1", summary: "Initial version", }, { date: "2023-04-05T13:34:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:47:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMQ Broker 7.11.0", product: { name: "AMQ Broker 7.11.0", product_id: "AMQ Broker 7.11.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_broker:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1278", cwe: { id: "CWE-1188", name: "Initialization of a Resource with an Insecure Default", }, discovery_date: "2022-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073401", }, ], notes: [ { category: "description", text: "A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain.", title: "Vulnerability description", }, { category: "summary", text: "WildFly: possible information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1278", }, { category: "external", summary: "RHBZ#2073401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073401", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1278", url: "https://www.cve.org/CVERecord?id=CVE-2022-1278", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1278", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1278", }, ], release_date: "2022-04-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "WildFly: possible information disclosure", }, { cve: "CVE-2022-2047", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-08-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2116949", }, ], notes: [ { category: "description", text: "A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.", title: "Vulnerability description", }, { category: "summary", text: "jetty-http: improver hostname input handling", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat Satellite jetty was used to build index files to search documentation. Nowadays in Satellite 6.9 and 6.10 jetty dependency is not in use and there is no access to it, so there is no way this vulnerability can be exploitable. Therefore Satellite supported versions are not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2047", }, { category: "external", summary: "RHBZ#2116949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116949", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2047", url: "https://www.cve.org/CVERecord?id=CVE-2022-2047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2047", }, { category: "external", summary: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, ], release_date: "2022-07-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jetty-http: improver hostname input handling", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-22970", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087272", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS via data binding to multipartFile or servlet part", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22970", }, { category: "external", summary: "RHBZ#2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22970", url: "https://www.cve.org/CVERecord?id=CVE-2022-22970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22970", url: "https://tanzu.vmware.com/security/cve-2022-22970", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS via data binding to multipartFile or servlet part", }, { cve: "CVE-2022-22971", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087274", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS with STOMP over WebSocket", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.11.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22971", }, { category: "external", summary: "RHBZ#2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22971", url: "https://www.cve.org/CVERecord?id=CVE-2022-22971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22971", url: "https://tanzu.vmware.com/security/cve-2022-22971", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-04-05T13:34:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.11.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.11.0", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS with STOMP over WebSocket", }, ], }
rhsa-2023_1047
Vulnerability from csaf_redhat
Published
2023-03-01 21:46
Modified
2024-12-18 00:38
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.2, running on Red
Hat OpenShift Container Platform from the release of 3.11 up to the release
of 4.12.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use
within the Red Hat OpenShift Container Platform (from the release of 3.11
up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)
for on-premise or private cloud deployments, aligning with the standalone
product release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1047", url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "2143416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1047.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", tracking: { current_release_date: "2024-12-18T00:38:34+00:00", generator: { date: "2024-12-18T00:38:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:1047", initial_release_date: "2023-03-01T21:46:46+00:00", revision_history: [ { date: "2023-03-01T21:46:46+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-01T21:46:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T00:38:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2021-35065", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156324", }, ], notes: [ { category: "description", text: "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "glob-parent: Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "other", text: "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-35065", }, { category: "external", summary: "RHBZ#2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-35065", url: "https://www.cve.org/CVERecord?id=CVE-2021-35065", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", url: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "glob-parent: Regular Expression Denial of Service", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { acknowledgments: [ { names: [ "Marcus Nilsson", ], organization: "usd AG", }, ], cve: "CVE-2022-1274", cwe: { id: "CWE-80", name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, discovery_date: "2022-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073157", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: HTML injection in execute-actions-email Admin REST API", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1274", }, { category: "external", summary: "RHBZ#2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1274", url: "https://www.cve.org/CVERecord?id=CVE-2022-1274", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", }, ], release_date: "2023-02-28T18:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: HTML injection in execute-actions-email Admin REST API", }, { acknowledgments: [ { names: [ "Grzegorz Tworek", ], organization: "SISOFT s.c.", }, ], cve: "CVE-2022-1438", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031904", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS on impersonation under specific circumstances", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1438", }, { category: "external", summary: "RHBZ#2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1438", url: "https://www.cve.org/CVERecord?id=CVE-2022-1438", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", }, ], release_date: "2023-02-28T18:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS on impersonation under specific circumstances", }, { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150009", }, ], notes: [ { category: "description", text: "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", title: "Vulnerability description", }, { category: "summary", text: "SnakeYaml: Constructor Deserialization Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it’s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1471", }, { category: "external", summary: "RHBZ#2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1471", url: "https://www.cve.org/CVERecord?id=CVE-2022-1471", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", url: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "SnakeYaml: Constructor Deserialization Remote Code Execution", }, { cve: "CVE-2022-2764", discovery_date: "2022-08-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117506", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2764", }, { category: "external", summary: "RHBZ#2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2764", url: "https://www.cve.org/CVERecord?id=CVE-2022-2764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", }, ], release_date: "2022-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, { acknowledgments: [ { names: [ "Thibault Guittet", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-4039", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, discovery_date: "2022-11-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2143416", }, ], notes: [ { category: "description", text: "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.", title: "Vulnerability description", }, { category: "summary", text: "rhsso-container-image: unsecured management interface exposed to adjecent network", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4039", }, { category: "external", summary: "RHBZ#2143416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4039", url: "https://www.cve.org/CVERecord?id=CVE-2022-4039", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", }, ], release_date: "2023-02-28T21:26:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "rhsso-container-image: unsecured management interface exposed to adjecent network", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, { cve: "CVE-2022-37603", cwe: { id: "CWE-185", name: "Incorrect Regular Expression", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2140597", }, ], notes: [ { category: "description", text: "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: Regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37603", }, { category: "external", summary: "RHBZ#2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37603", url: "https://www.cve.org/CVERecord?id=CVE-2022-37603", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: Regular expression denial of service", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46175", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156263", }, ], notes: [ { category: "description", text: "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", title: "Vulnerability description", }, { category: "summary", text: "json5: Prototype Pollution in JSON5 via Parse Method", title: "Vulnerability summary", }, { category: "other", text: "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46175", }, { category: "external", summary: "RHBZ#2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46175", url: "https://www.cve.org/CVERecord?id=CVE-2022-46175", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", }, { category: "external", summary: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", }, ], release_date: "2022-12-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "json5: Prototype Pollution in JSON5 via Parse Method", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { acknowledgments: [ { names: [ "Sourav Kumar", ], organization: "https://github.com/souravs17031999", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0091", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Client Registration endpoint does not check token revocation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0091", }, { category: "external", summary: "RHBZ#2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0091", url: "https://www.cve.org/CVERecord?id=CVE-2023-0091", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", }, { category: "external", summary: "https://github.com/keycloak/security/issues/27", url: "https://github.com/keycloak/security/issues/27", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "keycloak: Client Registration endpoint does not check token revocation", }, { acknowledgments: [ { names: [ "Jordi Zayuelas i Muñoz", ], organization: "A1 Digital", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0264", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2160585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: user impersonation via stolen uuid code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0264", }, { category: "external", summary: "RHBZ#2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0264", url: "https://www.cve.org/CVERecord?id=CVE-2023-0264", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", }, ], release_date: "2023-02-28T18:58:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: user impersonation via stolen uuid code", }, ], }
rhsa-2022_8961
Vulnerability from csaf_redhat
Published
2022-12-13 14:02
Modified
2024-11-22 21:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8961", url: "https://access.redhat.com/errata/RHSA-2022:8961", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8961.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", tracking: { current_release_date: "2024-11-22T21:11:01+00:00", generator: { date: "2024-11-22T21:11:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8961", initial_release_date: "2022-12-13T14:02:36+00:00", revision_history: [ { date: "2022-12-13T14:02:36+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:02:36+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:11:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:02:36+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8961", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:02:36+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8961", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2023_3815
Vulnerability from csaf_redhat
Published
2023-06-27 11:28
Modified
2024-12-16 07:30
Summary
Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
Notes
Topic
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)\n\n* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)\n\n* json-pointer: prototype pollution in json-pointer (CVE-2022-4742)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* graphql-java: crafted GraphQL query causes stack consumption (CVE-2023-28867)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3815", url: "https://access.redhat.com/errata/RHSA-2023:3815", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2156333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156333", }, { category: "external", summary: "2158916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158916", }, { category: "external", summary: "2165824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", }, { category: "external", summary: "2181977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181977", }, { category: "external", summary: "2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3815.json", }, ], title: "Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]", tracking: { current_release_date: "2024-12-16T07:30:56+00:00", generator: { date: "2024-12-16T07:30:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3815", initial_release_date: "2023-06-27T11:28:55+00:00", revision_history: [ { date: "2023-06-27T11:28:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-27T11:28:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T07:30:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Service Registry 2.4.3 GA", product: { name: "RHINT Service Registry 2.4.3 GA", product_id: "RHINT Service Registry 2.4.3 GA", product_identification_helper: { cpe: "cpe:/a:redhat:service_registry:2.4", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2022-3509", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184161", }, ], notes: [ { category: "description", text: "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Textformat parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3509", }, { category: "external", summary: "RHBZ#2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Textformat parsing issue leads to DoS", }, { cve: "CVE-2022-3510", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184176", }, ], notes: [ { category: "description", text: "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3510", }, { category: "external", summary: "RHBZ#2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-4742", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156333", }, ], notes: [ { category: "description", text: "A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "json-pointer: prototype pollution in json-pointer", title: "Vulnerability summary", }, { category: "other", text: "The json-pointer is a transitive dependency and is not used directly in any of the Red Hat products. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4742", }, { category: "external", summary: "RHBZ#2156333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156333", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4742", url: "https://www.cve.org/CVERecord?id=CVE-2022-4742", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4742", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4742", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "json-pointer: prototype pollution in json-pointer", }, { cve: "CVE-2022-25881", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2165824", }, ], notes: [ { category: "description", text: "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", title: "Vulnerability description", }, { category: "summary", text: "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25881", }, { category: "external", summary: "RHBZ#2165824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165824", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25881", url: "https://www.cve.org/CVERecord?id=CVE-2022-25881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-45787", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158916", }, ], notes: [ { category: "description", text: "A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.", title: "Vulnerability description", }, { category: "summary", text: "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45787", }, { category: "external", summary: "RHBZ#2158916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158916", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45787", url: "https://www.cve.org/CVERecord?id=CVE-2022-45787", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45787", }, ], release_date: "2023-01-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", }, { cve: "CVE-2023-28867", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2181977", }, ], notes: [ { category: "description", text: "A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "graphql-java: crafted GraphQL query causes stack consumption", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Service Registry 2.4.3 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28867", }, { category: "external", summary: "RHBZ#2181977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181977", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28867", url: "https://www.cve.org/CVERecord?id=CVE-2023-28867", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28867", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28867", }, ], release_date: "2023-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-27T11:28:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Service Registry 2.4.3 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3815", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Service Registry 2.4.3 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "graphql-java: crafted GraphQL query causes stack consumption", }, ], }
rhsa-2022:8961
Vulnerability from csaf_redhat
Published
2022-12-13 14:02
Modified
2025-03-14 22:46
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8961", url: "https://access.redhat.com/errata/RHSA-2022:8961", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4414", url: "https://issues.redhat.com/browse/CIAM-4414", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8961.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", tracking: { current_release_date: "2025-03-14T22:46:44+00:00", generator: { date: "2025-03-14T22:46:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:8961", initial_release_date: "2022-12-13T14:02:36+00:00", revision_history: [ { date: "2022-12-13T14:02:36+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:02:36+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:46:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00002.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00002.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:02:36+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8961", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:02:36+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8961", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00002.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2022_8964
Vulnerability from csaf_redhat
Published
2022-12-13 15:29
Modified
2024-11-22 21:10
Summary
Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Notes
Topic
Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8964", url: "https://access.redhat.com/errata/RHSA-2022:8964", }, { category: "external", summary: "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8", url: "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4412", url: "https://issues.redhat.com/browse/CIAM-4412", }, { category: "external", summary: "CIAM-4413", url: "https://issues.redhat.com/browse/CIAM-4413", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8964.json", }, ], title: "Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images", tracking: { current_release_date: "2024-11-22T21:10:53+00:00", generator: { date: "2024-11-22T21:10:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8964", initial_release_date: "2022-12-13T15:29:04+00:00", revision_history: [ { date: "2022-12-13T15:29:04+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T15:29:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:10:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product: { name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product_id: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator-bundle&tag=7.6.1-8", }, }, }, { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product: { name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product_id: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", product_identification_helper: { purl: "pkg:oci/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso7-rhel8-operator&tag=7.6-7", }, }, }, { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-15", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", }, product_reference: "rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", }, product_reference: "rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], known_not_affected: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T15:29:04+00:00", details: "The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8964", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], known_not_affected: [ "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator-bundle@sha256:2ed396c2edaeedb3f01e53f0994fb6bfa160ec15c88d9a6b4be104e74968e85e_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:13ea6287a44e55cd65b066b1b0e1f09ec44fa001df5405a6e2d8cd2529e11914_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:75874508f4d6437f1636b961989e25bab24c82b4edb7e7a1cc655392453508a4_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso7-rhel8-operator@sha256:d505d950f485013da854a5146d99500bada07503f63351012db792f307476ebf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T15:29:04+00:00", details: "The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8964", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1aa23cf8a82b4f699d2d8bc7972aa65fe683e957668a0140f464a21dbf236e31_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:31631c33fd718bddbdbff029f31e5ee243a797f7decea47b69cd751d72328e50_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:afa186d6a7adbdc1e0c9e7decea7f8bc8c53b1076884a190014a143d9c4a05ac_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2023_2135
Vulnerability from csaf_redhat
Published
2023-05-04 15:59
Modified
2024-12-16 16:07
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2135", url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2135.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update", tracking: { current_release_date: "2024-12-16T16:07:46+00:00", generator: { date: "2024-12-16T16:07:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:2135", initial_release_date: "2023-05-04T15:59:31+00:00", revision_history: [ { date: "2023-05-04T15:59:31+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-04T15:59:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:07:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.1 async", product: { name: "RHPAM 7.13.1 async", product_id: "RHPAM 7.13.1 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-4244", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149841", }, ], notes: [ { category: "description", text: "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.", title: "Vulnerability description", }, { category: "summary", text: "codehaus-plexus: Directory Traversal", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Single Sign-On uses this package for testing purposes and is not delivered with the distribution. Hence not affected status.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4244", }, { category: "external", summary: "RHBZ#2149841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149841", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4244", url: "https://www.cve.org/CVERecord?id=CVE-2022-4244", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4244", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4244", }, ], release_date: "2022-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codehaus-plexus: Directory Traversal", }, { cve: "CVE-2022-4245", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149843", }, ], notes: [ { category: "description", text: "A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.", title: "Vulnerability description", }, { category: "summary", text: "codehaus-plexus: XML External Entity (XXE) Injection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4245", }, { category: "external", summary: "RHBZ#2149843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149843", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4245", url: "https://www.cve.org/CVERecord?id=CVE-2022-4245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4245", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4245", }, ], release_date: "2022-12-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codehaus-plexus: XML External Entity (XXE) Injection", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-42889", cwe: { id: "CWE-1188", name: "Initialization of a Resource with an Insecure Default", }, discovery_date: "2022-10-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135435", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-text: variable interpolation RCE", title: "Vulnerability summary", }, { category: "other", text: "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42889", }, { category: "external", summary: "RHBZ#2135435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135435", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42889", url: "https://www.cve.org/CVERecord?id=CVE-2022-42889", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", }, { category: "external", summary: "https://blogs.apache.org/security/entry/cve-2022-42889", url: "https://blogs.apache.org/security/entry/cve-2022-42889", }, { category: "external", summary: "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", url: "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", }, { category: "external", summary: "https://seclists.org/oss-sec/2022/q4/22", url: "https://seclists.org/oss-sec/2022/q4/22", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { category: "workaround", details: "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", product_ids: [ "RHPAM 7.13.1 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-text: variable interpolation RCE", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1108", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2023-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174246", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: Infinite loop in SslConduit during close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1108", }, { category: "external", summary: "RHBZ#2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1108", url: "https://www.cve.org/CVERecord?id=CVE-2023-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", }, { category: "external", summary: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", url: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-04T15:59:31+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Undertow: Infinite loop in SslConduit during close", }, ], }
rhsa-2023_3185
Vulnerability from csaf_redhat
Published
2023-05-17 13:58
Modified
2024-12-16 22:26
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.10.3 release and security update
Notes
Topic
Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)\n\n* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3185", url: "https://access.redhat.com/errata/RHSA-2023:3185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", }, { category: "external", summary: "2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3185.json", }, ], title: "Red Hat Security Advisory: Red Hat AMQ Broker 7.10.3 release and security update", tracking: { current_release_date: "2024-12-16T22:26:31+00:00", generator: { date: "2024-12-16T22:26:31+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3185", initial_release_date: "2023-05-17T13:58:49+00:00", revision_history: [ { date: "2023-05-17T13:58:49+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-17T13:58:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T22:26:31+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "AMQ Broker 7.10.3", product: { name: "AMQ Broker 7.10.3", product_id: "AMQ Broker 7.10.3", product_identification_helper: { cpe: "cpe:/a:redhat:amq_broker:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-22970", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087272", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS via data binding to multipartFile or servlet part", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22970", }, { category: "external", summary: "RHBZ#2087272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22970", url: "https://www.cve.org/CVERecord?id=CVE-2022-22970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22970", url: "https://tanzu.vmware.com/security/cve-2022-22970", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS via data binding to multipartFile or servlet part", }, { cve: "CVE-2022-22971", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087274", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "springframework: DoS with STOMP over WebSocket", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22971", }, { category: "external", summary: "RHBZ#2087274", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087274", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22971", url: "https://www.cve.org/CVERecord?id=CVE-2022-22971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22971", url: "https://tanzu.vmware.com/security/cve-2022-22971", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "springframework: DoS with STOMP over WebSocket", }, { cve: "CVE-2023-0482", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2166004", }, ], notes: [ { category: "description", text: "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", title: "Vulnerability description", }, { category: "summary", text: "RESTEasy: creation of insecure temp files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0482", }, { category: "external", summary: "RHBZ#2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0482", url: "https://www.cve.org/CVERecord?id=CVE-2023-0482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "RESTEasy: creation of insecure temp files", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AMQ Broker 7.10.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-17T13:58:49+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "AMQ Broker 7.10.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3185", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "AMQ Broker 7.10.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, ], }
rhsa-2023:1049
Vulnerability from csaf_redhat
Published
2023-03-01 21:58
Modified
2025-03-25 17:03
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1049", url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "2097007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097007", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2148496", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148496", }, { category: "external", summary: "2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update", tracking: { current_release_date: "2025-03-25T17:03:41+00:00", generator: { date: "2025-03-25T17:03:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1049", initial_release_date: "2023-03-01T21:58:17+00:00", revision_history: [ { date: "2023-03-01T21:58:17+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-01T21:58:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T17:03:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7", product: { name: "Red Hat Single Sign-On 7", product_id: "Red Hat Single Sign-On 7", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Moderate", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2021-35065", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156324", }, ], notes: [ { category: "description", text: "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "glob-parent: Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "other", text: "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-35065", }, { category: "external", summary: "RHBZ#2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-35065", url: "https://www.cve.org/CVERecord?id=CVE-2021-35065", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", url: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "glob-parent: Regular Expression Denial of Service", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { acknowledgments: [ { names: [ "Marcus Nilsson", ], organization: "usd AG", }, ], cve: "CVE-2022-1274", cwe: { id: "CWE-80", name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, discovery_date: "2022-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073157", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: HTML injection in execute-actions-email Admin REST API", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1274", }, { category: "external", summary: "RHBZ#2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1274", url: "https://www.cve.org/CVERecord?id=CVE-2022-1274", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", }, ], release_date: "2023-02-28T18:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: HTML injection in execute-actions-email Admin REST API", }, { acknowledgments: [ { names: [ "Grzegorz Tworek", ], organization: "SISOFT s.c.", }, ], cve: "CVE-2022-1438", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031904", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS on impersonation under specific circumstances", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1438", }, { category: "external", summary: "RHBZ#2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1438", url: "https://www.cve.org/CVERecord?id=CVE-2022-1438", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", }, ], release_date: "2023-02-28T18:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS on impersonation under specific circumstances", }, { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150009", }, ], notes: [ { category: "description", text: "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", title: "Vulnerability description", }, { category: "summary", text: "SnakeYaml: Constructor Deserialization Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it’s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1471", }, { category: "external", summary: "RHBZ#2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1471", url: "https://www.cve.org/CVERecord?id=CVE-2022-1471", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", url: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "SnakeYaml: Constructor Deserialization Remote Code Execution", }, { acknowledgments: [ { names: [ "Aytaç Kalıncı", "Ilker Bulgurcu", "Yasin Yılmaz", ], organization: "NETAŞ PENTEST TEAM", }, ], cve: "CVE-2022-2237", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2097007", }, ], notes: [ { category: "description", text: "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.", title: "Vulnerability description", }, { category: "summary", text: "Adapter: Open redirect vulnerability in checkSSO", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2237", }, { category: "external", summary: "RHBZ#2097007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097007", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2237", url: "https://www.cve.org/CVERecord?id=CVE-2022-2237", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", }, ], release_date: "2023-03-01T13:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Adapter: Open redirect vulnerability in checkSSO", }, { cve: "CVE-2022-2764", discovery_date: "2022-08-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117506", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2764", }, { category: "external", summary: "RHBZ#2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2764", url: "https://www.cve.org/CVERecord?id=CVE-2022-2764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", }, ], release_date: "2022-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, { cve: "CVE-2022-4137", cwe: { id: "CWE-81", name: "Improper Neutralization of Script in an Error Message Web Page", }, discovery_date: "2022-11-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2148496", }, ], notes: [ { category: "description", text: "A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: reflected XSS attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4137", }, { category: "external", summary: "RHBZ#2148496", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148496", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4137", url: "https://www.cve.org/CVERecord?id=CVE-2022-4137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", }, ], release_date: "2023-03-01T13:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: reflected XSS attack", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, { cve: "CVE-2022-37603", cwe: { id: "CWE-185", name: "Incorrect Regular Expression", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2140597", }, ], notes: [ { category: "description", text: "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: Regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37603", }, { category: "external", summary: "RHBZ#2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37603", url: "https://www.cve.org/CVERecord?id=CVE-2022-37603", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: Regular expression denial of service", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46175", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156263", }, ], notes: [ { category: "description", text: "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", title: "Vulnerability description", }, { category: "summary", text: "json5: Prototype Pollution in JSON5 via Parse Method", title: "Vulnerability summary", }, { category: "other", text: "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46175", }, { category: "external", summary: "RHBZ#2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46175", url: "https://www.cve.org/CVERecord?id=CVE-2022-46175", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", }, { category: "external", summary: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", }, ], release_date: "2022-12-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "json5: Prototype Pollution in JSON5 via Parse Method", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { acknowledgments: [ { names: [ "Sourav Kumar", ], organization: "https://github.com/souravs17031999", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0091", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Client Registration endpoint does not check token revocation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0091", }, { category: "external", summary: "RHBZ#2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0091", url: "https://www.cve.org/CVERecord?id=CVE-2023-0091", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", }, { category: "external", summary: "https://github.com/keycloak/security/issues/27", url: "https://github.com/keycloak/security/issues/27", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "keycloak: Client Registration endpoint does not check token revocation", }, { acknowledgments: [ { names: [ "Jordi Zayuelas i Muñoz", ], organization: "A1 Digital", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0264", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2160585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: user impersonation via stolen uuid code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0264", }, { category: "external", summary: "RHBZ#2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0264", url: "https://www.cve.org/CVERecord?id=CVE-2023-0264", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", }, ], release_date: "2023-02-28T18:58:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: user impersonation via stolen uuid code", }, ], }
RHSA-2023:1285
Vulnerability from csaf_redhat
Published
2023-03-16 07:57
Modified
2025-03-14 22:47
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.0.2 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.0.2 ZIP artifacts
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Runtimes 1.0.2 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Runtimes 1.0.2 ZIP artifacts\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1285", url: "https://access.redhat.com/errata/RHSA-2023:1285", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1285.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update", tracking: { current_release_date: "2025-03-14T22:47:41+00:00", generator: { date: "2025-03-14T22:47:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1285", initial_release_date: "2023-03-16T07:57:03+00:00", revision_history: [ { date: "2023-03-16T07:57:03+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-16T07:57:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:47:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Migration Toolkit for Runtimes 1 on RHEL 8", product: { name: "Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "Migration Toolkit for Runtimes 1 on RHEL 8", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Runtimes", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { cve: "CVE-2022-31690", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2023-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162200", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31690", }, { category: "external", summary: "RHBZ#2162200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31690", url: "https://www.cve.org/CVERecord?id=CVE-2022-31690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", }, { category: "external", summary: "https://spring.io/security/cve-2022-31690", url: "https://spring.io/security/cve-2022-31690", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-16T07:57:03+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1285", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Migration Toolkit for Runtimes 1 on RHEL 8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2022_8965
Vulnerability from csaf_redhat
Published
2022-12-13 14:04
Modified
2024-11-22 21:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Notes
Topic
An update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the following security fixes.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the following security fixes.\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8965", url: "https://access.redhat.com/errata/RHSA-2022:8965", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "CIAM-4411", url: "https://issues.redhat.com/browse/CIAM-4411", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8965.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", tracking: { current_release_date: "2024-11-22T21:10:40+00:00", generator: { date: "2024-11-22T21:10:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:8965", initial_release_date: "2022-12-13T14:04:59+00:00", revision_history: [ { date: "2022-12-13T14:04:59+00:00", number: "1", summary: "Initial version", }, { date: "2022-12-13T14:04:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T21:10:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.1", product: { name: "Red Hat Single Sign-On 7.6.1", product_id: "Red Hat Single Sign-On 7.6.1", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:04:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8965", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-12-13T14:04:59+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8965", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, ], }
rhsa-2023:1047
Vulnerability from csaf_redhat
Published
2023-03-01 21:46
Modified
2025-03-25 11:31
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.2, running on Red
Hat OpenShift Container Platform from the release of 3.11 up to the release
of 4.12.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use
within the Red Hat OpenShift Container Platform (from the release of 3.11
up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)
for on-premise or private cloud deployments, aligning with the standalone
product release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1047", url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "2143416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1047.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", tracking: { current_release_date: "2025-03-25T11:31:16+00:00", generator: { date: "2025-03-25T11:31:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:1047", initial_release_date: "2023-03-01T21:46:46+00:00", revision_history: [ { date: "2023-03-01T21:46:46+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-01T21:46:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T11:31:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-20", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2021-35065", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156324", }, ], notes: [ { category: "description", text: "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "glob-parent: Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "other", text: "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-35065", }, { category: "external", summary: "RHBZ#2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-35065", url: "https://www.cve.org/CVERecord?id=CVE-2021-35065", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", url: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "glob-parent: Regular Expression Denial of Service", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { acknowledgments: [ { names: [ "Marcus Nilsson", ], organization: "usd AG", }, ], cve: "CVE-2022-1274", cwe: { id: "CWE-80", name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, discovery_date: "2022-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073157", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: HTML injection in execute-actions-email Admin REST API", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1274", }, { category: "external", summary: "RHBZ#2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1274", url: "https://www.cve.org/CVERecord?id=CVE-2022-1274", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", }, ], release_date: "2023-02-28T18:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: HTML injection in execute-actions-email Admin REST API", }, { acknowledgments: [ { names: [ "Grzegorz Tworek", ], organization: "SISOFT s.c.", }, ], cve: "CVE-2022-1438", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031904", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS on impersonation under specific circumstances", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1438", }, { category: "external", summary: "RHBZ#2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1438", url: "https://www.cve.org/CVERecord?id=CVE-2022-1438", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", }, ], release_date: "2023-02-28T18:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS on impersonation under specific circumstances", }, { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150009", }, ], notes: [ { category: "description", text: "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", title: "Vulnerability description", }, { category: "summary", text: "SnakeYaml: Constructor Deserialization Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it’s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1471", }, { category: "external", summary: "RHBZ#2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1471", url: "https://www.cve.org/CVERecord?id=CVE-2022-1471", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", url: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "SnakeYaml: Constructor Deserialization Remote Code Execution", }, { cve: "CVE-2022-2764", discovery_date: "2022-08-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117506", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2764", }, { category: "external", summary: "RHBZ#2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2764", url: "https://www.cve.org/CVERecord?id=CVE-2022-2764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", }, ], release_date: "2022-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, { acknowledgments: [ { names: [ "Thibault Guittet", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-4039", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, discovery_date: "2022-11-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2143416", }, ], notes: [ { category: "description", text: "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.", title: "Vulnerability description", }, { category: "summary", text: "rhsso-container-image: unsecured management interface exposed to adjecent network", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4039", }, { category: "external", summary: "RHBZ#2143416", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143416", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4039", url: "https://www.cve.org/CVERecord?id=CVE-2022-4039", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", }, ], release_date: "2023-02-28T21:26:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "rhsso-container-image: unsecured management interface exposed to adjecent network", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, { cve: "CVE-2022-37603", cwe: { id: "CWE-185", name: "Incorrect Regular Expression", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2140597", }, ], notes: [ { category: "description", text: "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: Regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37603", }, { category: "external", summary: "RHBZ#2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37603", url: "https://www.cve.org/CVERecord?id=CVE-2022-37603", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: Regular expression denial of service", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46175", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156263", }, ], notes: [ { category: "description", text: "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", title: "Vulnerability description", }, { category: "summary", text: "json5: Prototype Pollution in JSON5 via Parse Method", title: "Vulnerability summary", }, { category: "other", text: "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46175", }, { category: "external", summary: "RHBZ#2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46175", url: "https://www.cve.org/CVERecord?id=CVE-2022-46175", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", }, { category: "external", summary: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", }, ], release_date: "2022-12-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "json5: Prototype Pollution in JSON5 via Parse Method", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { acknowledgments: [ { names: [ "Sourav Kumar", ], organization: "https://github.com/souravs17031999", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0091", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Client Registration endpoint does not check token revocation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0091", }, { category: "external", summary: "RHBZ#2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0091", url: "https://www.cve.org/CVERecord?id=CVE-2023-0091", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", }, { category: "external", summary: "https://github.com/keycloak/security/issues/27", url: "https://github.com/keycloak/security/issues/27", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "keycloak: Client Registration endpoint does not check token revocation", }, { acknowledgments: [ { names: [ "Jordi Zayuelas i Muñoz", ], organization: "A1 Digital", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0264", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2160585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: user impersonation via stolen uuid code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0264", }, { category: "external", summary: "RHBZ#2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0264", url: "https://www.cve.org/CVERecord?id=CVE-2023-0264", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", }, ], release_date: "2023-02-28T18:58:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1047", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: user impersonation via stolen uuid code", }, ], }
rhsa-2023_1049
Vulnerability from csaf_redhat
Published
2023-03-01 21:58
Modified
2024-12-18 00:38
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:1049", url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "2097007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097007", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2148496", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148496", }, { category: "external", summary: "2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update", tracking: { current_release_date: "2024-12-18T00:38:25+00:00", generator: { date: "2024-12-18T00:38:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:1049", initial_release_date: "2023-03-01T21:58:17+00:00", revision_history: [ { date: "2023-03-01T21:58:17+00:00", number: "1", summary: "Initial version", }, { date: "2023-03-01T21:58:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T00:38:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7", product: { name: "Red Hat Single Sign-On 7", product_id: "Red Hat Single Sign-On 7", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2021-35065", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156324", }, ], notes: [ { category: "description", text: "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "glob-parent: Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "other", text: "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-35065", }, { category: "external", summary: "RHBZ#2156324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156324", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-35065", url: "https://www.cve.org/CVERecord?id=CVE-2021-35065", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", url: "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", }, ], release_date: "2022-12-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "glob-parent: Regular Expression Denial of Service", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { acknowledgments: [ { names: [ "Marcus Nilsson", ], organization: "usd AG", }, ], cve: "CVE-2022-1274", cwe: { id: "CWE-80", name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, discovery_date: "2022-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073157", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: HTML injection in execute-actions-email Admin REST API", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1274", }, { category: "external", summary: "RHBZ#2073157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1274", url: "https://www.cve.org/CVERecord?id=CVE-2022-1274", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", }, ], release_date: "2023-02-28T18:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: HTML injection in execute-actions-email Admin REST API", }, { acknowledgments: [ { names: [ "Grzegorz Tworek", ], organization: "SISOFT s.c.", }, ], cve: "CVE-2022-1438", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031904", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS on impersonation under specific circumstances", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1438", }, { category: "external", summary: "RHBZ#2031904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031904", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1438", url: "https://www.cve.org/CVERecord?id=CVE-2022-1438", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", }, ], release_date: "2023-02-28T18:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS on impersonation under specific circumstances", }, { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150009", }, ], notes: [ { category: "description", text: "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", title: "Vulnerability description", }, { category: "summary", text: "SnakeYaml: Constructor Deserialization Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it’s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1471", }, { category: "external", summary: "RHBZ#2150009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1471", url: "https://www.cve.org/CVERecord?id=CVE-2022-1471", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", url: "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", }, ], release_date: "2022-10-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "SnakeYaml: Constructor Deserialization Remote Code Execution", }, { acknowledgments: [ { names: [ "Aytaç Kalıncı", "Ilker Bulgurcu", "Yasin Yılmaz", ], organization: "NETAŞ PENTEST TEAM", }, ], cve: "CVE-2022-2237", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2097007", }, ], notes: [ { category: "description", text: "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.", title: "Vulnerability description", }, { category: "summary", text: "Adapter: Open redirect vulnerability in checkSSO", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2237", }, { category: "external", summary: "RHBZ#2097007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097007", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2237", url: "https://www.cve.org/CVERecord?id=CVE-2022-2237", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", }, ], release_date: "2023-03-01T13:57:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Adapter: Open redirect vulnerability in checkSSO", }, { cve: "CVE-2022-2764", discovery_date: "2022-08-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117506", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2764", }, { category: "external", summary: "RHBZ#2117506", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2764", url: "https://www.cve.org/CVERecord?id=CVE-2022-2764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", }, ], release_date: "2022-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", }, { cve: "CVE-2022-3782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-10-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2138971", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: path traversal via double URL encoding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { category: "external", summary: "RHBZ#2138971", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3782", url: "https://www.cve.org/CVERecord?id=CVE-2022-3782", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: path traversal via double URL encoding", }, { acknowledgments: [ { names: [ "Peter Flintholm", ], organization: "Trifork", }, ], cve: "CVE-2022-3916", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2022-11-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2141404", }, ], notes: [ { category: "description", text: "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Session takeover with OIDC offline refreshtokens", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3916", }, { category: "external", summary: "RHBZ#2141404", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3916", url: "https://www.cve.org/CVERecord?id=CVE-2022-3916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", }, ], release_date: "2022-11-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Session takeover with OIDC offline refreshtokens", }, { cve: "CVE-2022-4137", cwe: { id: "CWE-81", name: "Improper Neutralization of Script in an Error Message Web Page", }, discovery_date: "2022-11-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2148496", }, ], notes: [ { category: "description", text: "A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: reflected XSS attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4137", }, { category: "external", summary: "RHBZ#2148496", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148496", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4137", url: "https://www.cve.org/CVERecord?id=CVE-2022-4137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", }, ], release_date: "2023-03-01T13:56:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: reflected XSS attack", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, { cve: "CVE-2022-37603", cwe: { id: "CWE-185", name: "Incorrect Regular Expression", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2140597", }, ], notes: [ { category: "description", text: "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: Regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37603", }, { category: "external", summary: "RHBZ#2140597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37603", url: "https://www.cve.org/CVERecord?id=CVE-2022-37603", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: Regular expression denial of service", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "Red Hat Single Sign-On 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46175", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-12-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156263", }, ], notes: [ { category: "description", text: "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", title: "Vulnerability description", }, { category: "summary", text: "json5: Prototype Pollution in JSON5 via Parse Method", title: "Vulnerability summary", }, { category: "other", text: "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46175", }, { category: "external", summary: "RHBZ#2156263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46175", url: "https://www.cve.org/CVERecord?id=CVE-2022-46175", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", }, { category: "external", summary: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", }, ], release_date: "2022-12-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "json5: Prototype Pollution in JSON5 via Parse Method", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { acknowledgments: [ { names: [ "Sourav Kumar", ], organization: "https://github.com/souravs17031999", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0091", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Client Registration endpoint does not check token revocation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0091", }, { category: "external", summary: "RHBZ#2158585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0091", url: "https://www.cve.org/CVERecord?id=CVE-2023-0091", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", }, { category: "external", summary: "https://github.com/keycloak/security/issues/27", url: "https://github.com/keycloak/security/issues/27", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "keycloak: Client Registration endpoint does not check token revocation", }, { acknowledgments: [ { names: [ "Jordi Zayuelas i Muñoz", ], organization: "A1 Digital", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2023-0264", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2160585", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: user impersonation via stolen uuid code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0264", }, { category: "external", summary: "RHBZ#2160585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0264", url: "https://www.cve.org/CVERecord?id=CVE-2023-0264", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", }, ], release_date: "2023-02-28T18:58:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-03-01T21:58:17+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:1049", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat Single Sign-On 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: user impersonation via stolen uuid code", }, ], }
ghsa-g8q8-fggx-9r3q
Vulnerability from github
Published
2022-12-13 19:44
Modified
2023-01-25 21:37
Severity ?
Summary
Keycloak vulnerable to path traversal via double URL encoding
Details
Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.
{ affected: [ { database_specific: { last_known_affected_version_range: "<= 20.0.0", }, package: { ecosystem: "Maven", name: "org.keycloak:keycloak-parent", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "20.0.2", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2022-3782", ], database_specific: { cwe_ids: [ "CWE-177", "CWE-22", ], github_reviewed: true, github_reviewed_at: "2022-12-13T19:44:56Z", nvd_published_at: "2023-01-13T06:15:00Z", severity: "CRITICAL", }, details: "Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.", id: "GHSA-g8q8-fggx-9r3q", modified: "2023-01-25T21:37:00Z", published: "2022-12-13T19:44:56Z", references: [ { type: "WEB", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", }, { type: "WEB", url: "https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { type: "PACKAGE", url: "https://github.com/keycloak/keycloak", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], summary: "Keycloak vulnerable to path traversal via double URL encoding ", }
wid-sec-w-2023-0200
Vulnerability from csaf_certbund
Published
2023-01-25 23:00
Modified
2024-02-19 23:00
Summary
Keycloak: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Keycloak ermöglicht Single Sign-On mit Identity and Access Management für moderne Anwendungen und Dienste.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Keycloak ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Keycloak ermöglicht Single Sign-On mit Identity and Access Management für moderne Anwendungen und Dienste.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Keycloak ausnutzen, um Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0200 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0200.json", }, { category: "self", summary: "WID-SEC-2023-0200 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0200", }, { category: "external", summary: "National Vulnerability Database - CVE-2022-3782 Detail vom 2023-01-25", url: "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3782", }, { category: "external", summary: "GitHub Security Advisory GHSA-g8q8-fggx-9r3q", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1044", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1045", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1043", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1285 vom 2023-03-16", url: "https://access.redhat.com/errata/RHSA-2023:1285", }, { category: "external", summary: "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3815 vom 2023-06-27", url: "https://access.redhat.com/errata/RHSA-2023:3815", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3809 vom 2023-06-29", url: "https://access.redhat.com/errata/RHSA-2023:3809", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2135 vom 2024-02-19", url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], source_lang: "en-US", title: "Keycloak: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen", tracking: { current_release_date: "2024-02-19T23:00:00.000+00:00", generator: { date: "2024-08-15T17:42:23.820+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0200", initial_release_date: "2023-01-25T23:00:00.000+00:00", revision_history: [ { date: "2023-01-25T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-01-26T23:00:00.000+00:00", number: "2", summary: "Update Keycloak 20.0.2 aufgenommen", }, { date: "2023-03-01T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-16T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-22T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2023-06-27T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-29T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-02-19T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "8", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source Keycloak", product: { name: "Open Source Keycloak", product_id: "T024196", product_identification_helper: { cpe: "cpe:/a:keycloak:keycloak:-", }, }, }, { category: "product_version_range", name: "< 20.0.2", product: { name: "Open Source Keycloak < 20.0.2", product_id: "T026040", }, }, ], category: "product_name", name: "Keycloak", }, ], category: "vendor", name: "Open Source", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Quarkus", product: { name: "Red Hat Enterprise Linux Quarkus", product_id: "T028364", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:quarkus", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Keycloak. Der Fehler besteht aufgrund einer unsachgemäßen Validierung von URLs mit eingeschlossenen Weiterleitungen, was zu einem Path Traversal führt. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Validierung zu umgehen und auf andere URLs und potenziell vertrauliche Informationen innerhalb der Domäne zuzugreifen oder möglicherweise weitere Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T028364", "67646", "T024196", "T017562", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-3782", }, ], }
WID-SEC-W-2023-0864
Vulnerability from csaf_certbund
Published
2023-04-05 22:00
Modified
2023-05-18 22:00
Summary
Red Hat JBoss A-MQ: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JBoss A-MQ ist eine Messaging-Plattform.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0864 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0864.json", }, { category: "self", summary: "WID-SEC-2023-0864 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0864", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3185 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3185", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1855 vom 2023-04-19", url: "https://access.redhat.com/errata/RHSA-2023:1855", }, { category: "external", summary: "Red Hat Security Advisory vom 2023-04-05", url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], source_lang: "en-US", title: "Red Hat JBoss A-MQ: Mehrere Schwachstellen", tracking: { current_release_date: "2023-05-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:48:10.661+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0864", initial_release_date: "2023-04-05T22:00:00.000+00:00", revision_history: [ { date: "2023-04-05T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-04-18T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ Broker < 7.11.0", product: { name: "Red Hat JBoss A-MQ Broker < 7.11.0", product_id: "T027097", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:broker__7.11.0", }, }, }, { category: "product_name", name: "Red Hat JBoss A-MQ < 7.10.3", product: { name: "Red Hat JBoss A-MQ < 7.10.3", product_id: "T027762", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:7.10.3", }, }, }, ], category: "product_name", name: "JBoss A-MQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Keycloak aufgrund einer unsachgemäßen Validierung von URLs, die in einer Weiterleitung enthalten sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er eine bösartige Anfrage konstruiert, um die Validierung zu umgehen und auf andere URLs und potenziell vertrauliche Informationen innerhalb der Domain zuzugreifen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-3782", }, { cve: "CVE-2022-22971", notes: [ { category: "description", text: "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Die Fehler bestehen im Spring Framework und treten auf, wenn Anwendungen STOMP über den WebSocket-Endpunkt verwenden oder wenn Anwendungen Datei-Uploads verarbeiten und sich auf Datenbindungen verlassen, um ein MultipartFile oder javax.servlet.Part auf ein Feld in einem Modellobjekt zu setzen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-22971", }, { cve: "CVE-2022-22970", notes: [ { category: "description", text: "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Die Fehler bestehen im Spring Framework und treten auf, wenn Anwendungen STOMP über den WebSocket-Endpunkt verwenden oder wenn Anwendungen Datei-Uploads verarbeiten und sich auf Datenbindungen verlassen, um ein MultipartFile oder javax.servlet.Part auf ein Feld in einem Modellobjekt zu setzen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-22970", }, { cve: "CVE-2022-2047", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Eclipse Jetty beim Parsen des Autoritätssegments einer HTTP-Schema-URI. Unter diesen Umständen erkennt die Jetty HttpURI-Klasse fälschlicherweise eine ungültige Eingabe als Hostname, was zu Fehlern in einem Proxy-Szenario führt. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstelle zur Umgehung von Sicherheitsmaßnahmen ausnutzen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-2047", }, { cve: "CVE-2022-1278", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Wildfly. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Einsatznamen, Endpunkte und alle anderen Daten, die die Trace-Nutzlast enthalten kann, zu sehen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-1278", }, ], }
WID-SEC-W-2023-0200
Vulnerability from csaf_certbund
Published
2023-01-25 23:00
Modified
2024-02-19 23:00
Summary
Keycloak: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Keycloak ermöglicht Single Sign-On mit Identity and Access Management für moderne Anwendungen und Dienste.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Keycloak ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Keycloak ermöglicht Single Sign-On mit Identity and Access Management für moderne Anwendungen und Dienste.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Keycloak ausnutzen, um Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0200 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0200.json", }, { category: "self", summary: "WID-SEC-2023-0200 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0200", }, { category: "external", summary: "National Vulnerability Database - CVE-2022-3782 Detail vom 2023-01-25", url: "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3782", }, { category: "external", summary: "GitHub Security Advisory GHSA-g8q8-fggx-9r3q", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1044", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1045", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1043", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1285 vom 2023-03-16", url: "https://access.redhat.com/errata/RHSA-2023:1285", }, { category: "external", summary: "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3815 vom 2023-06-27", url: "https://access.redhat.com/errata/RHSA-2023:3815", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3809 vom 2023-06-29", url: "https://access.redhat.com/errata/RHSA-2023:3809", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2135 vom 2024-02-19", url: "https://access.redhat.com/errata/RHSA-2023:2135", }, ], source_lang: "en-US", title: "Keycloak: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen", tracking: { current_release_date: "2024-02-19T23:00:00.000+00:00", generator: { date: "2024-08-15T17:42:23.820+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0200", initial_release_date: "2023-01-25T23:00:00.000+00:00", revision_history: [ { date: "2023-01-25T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-01-26T23:00:00.000+00:00", number: "2", summary: "Update Keycloak 20.0.2 aufgenommen", }, { date: "2023-03-01T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-16T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-22T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2023-06-27T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-29T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-02-19T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "8", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source Keycloak", product: { name: "Open Source Keycloak", product_id: "T024196", product_identification_helper: { cpe: "cpe:/a:keycloak:keycloak:-", }, }, }, { category: "product_version_range", name: "< 20.0.2", product: { name: "Open Source Keycloak < 20.0.2", product_id: "T026040", }, }, ], category: "product_name", name: "Keycloak", }, ], category: "vendor", name: "Open Source", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Quarkus", product: { name: "Red Hat Enterprise Linux Quarkus", product_id: "T028364", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:quarkus", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Keycloak. Der Fehler besteht aufgrund einer unsachgemäßen Validierung von URLs mit eingeschlossenen Weiterleitungen, was zu einem Path Traversal führt. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Validierung zu umgehen und auf andere URLs und potenziell vertrauliche Informationen innerhalb der Domäne zuzugreifen oder möglicherweise weitere Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T028364", "67646", "T024196", "T017562", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-3782", }, ], }
wid-sec-w-2023-0864
Vulnerability from csaf_certbund
Published
2023-04-05 22:00
Modified
2023-05-18 22:00
Summary
Red Hat JBoss A-MQ: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JBoss A-MQ ist eine Messaging-Plattform.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0864 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0864.json", }, { category: "self", summary: "WID-SEC-2023-0864 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0864", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3185 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3185", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1855 vom 2023-04-19", url: "https://access.redhat.com/errata/RHSA-2023:1855", }, { category: "external", summary: "Red Hat Security Advisory vom 2023-04-05", url: "https://access.redhat.com/errata/RHSA-2023:1661", }, ], source_lang: "en-US", title: "Red Hat JBoss A-MQ: Mehrere Schwachstellen", tracking: { current_release_date: "2023-05-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:48:10.661+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0864", initial_release_date: "2023-04-05T22:00:00.000+00:00", revision_history: [ { date: "2023-04-05T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-04-18T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ Broker < 7.11.0", product: { name: "Red Hat JBoss A-MQ Broker < 7.11.0", product_id: "T027097", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:broker__7.11.0", }, }, }, { category: "product_name", name: "Red Hat JBoss A-MQ < 7.10.3", product: { name: "Red Hat JBoss A-MQ < 7.10.3", product_id: "T027762", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:7.10.3", }, }, }, ], category: "product_name", name: "JBoss A-MQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-3782", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Keycloak aufgrund einer unsachgemäßen Validierung von URLs, die in einer Weiterleitung enthalten sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er eine bösartige Anfrage konstruiert, um die Validierung zu umgehen und auf andere URLs und potenziell vertrauliche Informationen innerhalb der Domain zuzugreifen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-3782", }, { cve: "CVE-2022-22971", notes: [ { category: "description", text: "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Die Fehler bestehen im Spring Framework und treten auf, wenn Anwendungen STOMP über den WebSocket-Endpunkt verwenden oder wenn Anwendungen Datei-Uploads verarbeiten und sich auf Datenbindungen verlassen, um ein MultipartFile oder javax.servlet.Part auf ein Feld in einem Modellobjekt zu setzen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-22971", }, { cve: "CVE-2022-22970", notes: [ { category: "description", text: "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Die Fehler bestehen im Spring Framework und treten auf, wenn Anwendungen STOMP über den WebSocket-Endpunkt verwenden oder wenn Anwendungen Datei-Uploads verarbeiten und sich auf Datenbindungen verlassen, um ein MultipartFile oder javax.servlet.Part auf ein Feld in einem Modellobjekt zu setzen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-22970", }, { cve: "CVE-2022-2047", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Eclipse Jetty beim Parsen des Autoritätssegments einer HTTP-Schema-URI. Unter diesen Umständen erkennt die Jetty HttpURI-Klasse fälschlicherweise eine ungültige Eingabe als Hostname, was zu Fehlern in einem Proxy-Szenario führt. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstelle zur Umgehung von Sicherheitsmaßnahmen ausnutzen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-2047", }, { cve: "CVE-2022-1278", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Wildfly. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Einsatznamen, Endpunkte und alle anderen Daten, die die Trace-Nutzlast enthalten kann, zu sehen.", }, ], product_status: { known_affected: [ "67646", "T027762", ], }, release_date: "2023-04-05T22:00:00.000+00:00", title: "CVE-2022-1278", }, ], }
gsd-2022-3782
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-3782", id: "GSD-2022-3782", references: [ "https://access.redhat.com/errata/RHSA-2022:8961", "https://access.redhat.com/errata/RHSA-2022:8962", "https://access.redhat.com/errata/RHSA-2022:8963", "https://access.redhat.com/errata/RHSA-2022:8964", "https://access.redhat.com/errata/RHSA-2022:8965", "https://access.redhat.com/errata/RHSA-2023:1043", "https://access.redhat.com/errata/RHSA-2023:1044", "https://access.redhat.com/errata/RHSA-2023:1045", "https://access.redhat.com/errata/RHSA-2023:1047", "https://access.redhat.com/errata/RHSA-2023:1049", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-3782", ], details: "keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", id: "GSD-2022-3782", modified: "2023-12-13T01:19:40.091372Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-3782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Keycloak", version: { version_data: [ { version_affected: "=", version_value: "20.0.2", }, ], }, }, ], }, vendor_name: "redhat.com", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/security/cve/CVE-2022-3782", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "(,20.0.0]", affected_versions: "All versions up to 20.0.0", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2022-12-13", description: "Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.", fixed_versions: [ "20.0.2", ], identifier: "GMS-2022-8407", identifiers: [ "GHSA-g8q8-fggx-9r3q", "GMS-2022-8407", "CVE-2022-3782", ], not_impacted: "All versions after 20.0.0", package_slug: "maven/org.keycloak/keycloak-parent", pubdate: "2022-12-13", solution: "Upgrade to version 20.0.2 or above.", title: "Keycloak vulnerable to path traversal via double URL encoding ", urls: [ "https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q", "https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37", "https://github.com/advisories/GHSA-g8q8-fggx-9r3q", ], uuid: "2e17aa31-637e-48dd-8d7c-a7076c1845e6", }, { affected_range: "[20.0.2]", affected_versions: "Version 20.0.2", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", cwe_ids: [ "CWE-1035", "CWE-22", "CWE-937", ], date: "2023-01-25", description: "keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", fixed_versions: [], identifier: "CVE-2022-3782", identifiers: [ "CVE-2022-3782", ], not_impacted: "", package_slug: "maven/org.keycloak/keycloak-services", pubdate: "2023-01-13", solution: "Unfortunately, there is no solution available yet.", title: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", "https://access.redhat.com/security/cve/CVE-2022-3782", ], uuid: "23488a18-3920-4193-bf61-f5d68c14dd06", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:keycloak:20.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-3782", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/security/cve/CVE-2022-3782", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, }, }, lastModifiedDate: "2023-01-25T20:38Z", publishedDate: "2023-01-13T06:15Z", }, }, }
fkie_cve-2022-3782
Vulnerability from fkie_nvd
Published
2023-01-13 06:15
Modified
2024-11-21 07:20
Severity ?
Summary
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-3782 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-3782 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:keycloak:20.0.2:*:*:*:*:*:*:*", matchCriteriaId: "703CD4CB-29AA-4354-B210-AD78774525E1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", }, { lang: "es", value: "Keycloack: Path Traversal mediante codificación de URL doble. Se encontró una falla en Keycloak, donde no valida correctamente las URL incluidas en una redirección. Un atacante puede utilizar esta falla para crear una solicitud maliciosa para eludir la validación y acceder a otras URL e información potencialmente confidencial dentro del dominio o posiblemente realizar más ataques. Esta falla afecta a cualquier cliente que utilice un comodín en el campo URI de redireccionamiento válido.", }, ], id: "CVE-2022-3782", lastModified: "2024-11-21T07:20:13.763", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-13T06:15:11.187", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-3782", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.