Action not permitted
Modal body text goes here.
cve-2023-44387
Vulnerability from cvelistv5
Published
2023-10-05 17:51
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9" }, { "name": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7" }, { "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3" }, { "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231110-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gradle", "vendor": "gradle", "versions": [ { "status": "affected", "version": "\u003e= 7.6.0, \u003c 7.6.3" }, { "status": "affected", "version": "\u003c 8.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-05T17:51:15.407Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9" }, { "name": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7" }, { "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3" }, { "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0" }, { "url": "https://security.netapp.com/advisory/ntap-20231110-0006/" } ], "source": { "advisory": "GHSA-43r3-pqhv-f7h9", "discovery": "UNKNOWN" }, "title": "Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-44387", "datePublished": "2023-10-05T17:51:15.407Z", "dateReserved": "2023-09-28T17:56:32.613Z", "dateUpdated": "2024-08-02T20:07:32.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-44387\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-05T18:15:12.787\",\"lastModified\":\"2024-01-21T01:54:43.317\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.\"},{\"lang\":\"es\",\"value\":\"Gradle es una herramienta de compilaci\u00f3n centrada en la automatizaci\u00f3n de la compilaci\u00f3n y soporte para el desarrollo en varios idiomas. Al copiar o archivar archivos vinculados simb\u00f3licamente, Gradle los resuelve pero aplica los permisos del enlace simb\u00f3lico en lugar de los permisos del archivo vinculado al archivo resultante. Esto lleva a que los archivos tengan demasiados permisos, dado que los enlaces simb\u00f3licos suelen ser legibles y escribibles por todo el mundo. Si bien es poco probable que esto resulte en una vulnerabilidad directa para la compilaci\u00f3n afectada, puede abrir vectores de ataque dependiendo de d\u00f3nde terminen copi\u00e1ndose o desarchiv\u00e1ndose los artefactos de la compilaci\u00f3n. En las versiones 7.6.3, 8.4 y superiores, Gradle ahora usar\u00e1 correctamente los permisos del archivo al que apunta el enlace simb\u00f3lico para establecer los permisos del archivo copiado o archivado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.2,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.5,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6.3\",\"matchCriteriaId\":\"77803A01-94E7-4C76-BAF3-ED44AE596010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.4.0\",\"matchCriteriaId\":\"E104EF19-8B72-4A31-B2AC-8312F7C6452F\"}]}]}],\"references\":[{\"url\":\"https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/gradle/gradle/releases/tag/v7.6.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/gradle/gradle/releases/tag/v8.4.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0006/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2023_7678
Vulnerability from csaf_redhat
Published
2023-12-06 23:30
Modified
2024-11-15 17:37
Summary
Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update
Notes
Topic
Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.
Security Fix(es):
* JSON-java: parser confusion leads to OOM (CVE-2023-5072)
* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)
* zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jose4j: Insecure iteration count setting (CVE-2023-31582)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* gradle: Possible local text file exfiltration by XML External entity injection (CVE-2023-42445)
* gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations (CVE-2023-44387)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* JSON-java: parser confusion leads to OOM (CVE-2023-5072)\n\n* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)\n\n* zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* jose4j: Insecure iteration count setting (CVE-2023-31582)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* gradle: Possible local text file exfiltration by XML External entity injection (CVE-2023-42445)\n\n* gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations (CVE-2023-44387)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:7678", "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.6.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.6.0" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "2231491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491" }, { "category": "external", "summary": "2233112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112" }, { "category": "external", "summary": "2235370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370" }, { "category": "external", "summary": "2239634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634" }, { "category": "external", "summary": "2242485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242485" }, { "category": "external", "summary": "2242538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242538" }, { "category": "external", "summary": "2243436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436" }, { "category": "external", "summary": "2246370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246370" }, { "category": "external", "summary": "2246417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7678.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update", "tracking": { "current_release_date": "2024-11-15T17:37:56+00:00", "generator": { "date": "2024-11-15T17:37:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:7678", "initial_release_date": "2023-12-06T23:30:39+00:00", "revision_history": [ { "date": "2023-12-06T23:30:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-12-06T23:30:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:37:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Streams 2.6.0", "product": { "name": "Red Hat AMQ Streams 2.6.0", "product_id": "Red Hat AMQ Streams 2.6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:2" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-46751", "cwe": { "id": "CWE-91", "name": "XML Injection (aka Blind XPath Injection)" }, "discovery_date": "2023-08-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233112" } ], "notes": [ { "category": "description", "text": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\".\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-ivy: XML External Entity vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46751" }, { "category": "external", "summary": "RHBZ#2233112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751" }, { "category": "external", "summary": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", "url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8" } ], "release_date": "2023-08-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-ivy: XML External Entity vulnerability" }, { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: insecure temporary directory creation" }, { "cve": "CVE-2023-5072", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246417" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "JSON-java: parser confusion leads to OOM", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability may cause denial of service with a small string input, causing the server to be unresponsive easily, hence the Important impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-5072" }, { "category": "external", "summary": "RHBZ#2246417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5072", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072" }, { "category": "external", "summary": "https://github.com/stleary/JSON-java/issues/758", "url": "https://github.com/stleary/JSON-java/issues/758" }, { "category": "external", "summary": "https://github.com/stleary/JSON-java/issues/771", "url": "https://github.com/stleary/JSON-java/issues/771" } ], "release_date": "2023-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "workaround", "details": "No current mitigation is available for this flaw.", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JSON-java: parser confusion leads to OOM" }, { "cve": "CVE-2023-20873", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2023-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2231491" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Boot. This targets specifically \u0027spring-boot-actuator-autoconfigure\u0027 package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass.\r\n\r\nSpecifically, an application is vulnerable when all of the following are true:\r\n\r\n * You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**.\r\n * The application is deployed to Cloud Foundry.\r\n\r\nAn application is not vulnerable if any of the following is true:\r\n\r\n * The application is not deployed to Cloud Foundry\r\n * You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false.\r\n * Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do not ship the affected software component and so are not affected:\n\n * Red Hat Enterprise Linux 8, 9\n * Enterprise Application Platform 6, 7, 8, XP\n * Data Grid 7, 8\n * Migration Toolkit for Runtimes\n * Red Hat Build of OptaPlanner\n * Red Hat Integration Camel-K\n * Red Hat AMQ Broker 7\n * Red Hat AMQ Clients 2\n * Red Hat AMQ Streams 2\n * Red Hat Fuse 6\n * Red Hat Fuse 7\n * Red Hat VertX 4\n\nThe following Red Hat products ship the affected software but do not enable or do not ship the vulnerable classes, and so are affected but at Low security impact.\n\n * Red Hat Decision Manager 7\n * Red Hat Process Automation Manager 7\n * Red Hat Single Sign-On 7", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20873" }, { "category": "external", "summary": "RHBZ#2231491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20873", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20873", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20873" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-g5h3-w546-pj7f", "url": "https://github.com/advisories/GHSA-g5h3-w546-pj7f" }, { "category": "external", "summary": "https://spring.io/security/cve-2023-20873/", "url": "https://spring.io/security/cve-2023-20873/" } ], "release_date": "2023-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "workaround", "details": "Disable Cloud Foundry actuator endpoints by setting \u0027management.cloudfoundry.enabled\u0027 to false.", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry" }, { "cve": "CVE-2023-31582", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2023-10-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246370" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose4j: Insecure iteration count setting", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw would require manually setting of the number of iterations under 1000 for Json Web Encryption, therefore, a malicious user would need previous access to modify it. Also, a user would still be able to set the variable incorrectly and make the environment less secure for JWE. This is currently rated as a moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-31582" }, { "category": "external", "summary": "RHBZ#2246370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-31582", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31582" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31582", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31582" }, { "category": "external", "summary": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then", "url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then" }, { "category": "external", "summary": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md", "url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md" } ], "release_date": "2023-10-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose4j: Insecure iteration count setting" }, { "cve": "CVE-2023-33201", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33201" }, { "category": "external", "summary": "RHBZ#2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201" }, { "category": "external", "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201" } ], "release_date": "2023-06-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate" }, { "cve": "CVE-2023-40167", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "discovery_date": "2023-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Improper validation of HTTP/1 content-length", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40167" }, { "category": "external", "summary": "RHBZ#2239634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6" }, { "category": "external", "summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6", "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6" } ], "release_date": "2023-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Improper validation of HTTP/1 content-length" }, { "cve": "CVE-2023-41080", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-08-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2235370" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Open Redirect vulnerability in FORM authentication", "title": "Vulnerability summary" }, { "category": "other", "text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-41080" }, { "category": "external", "summary": "RHBZ#2235370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080" }, { "category": "external", "summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f", "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f" } ], "release_date": "2023-08-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Open Redirect vulnerability in FORM authentication" }, { "cve": "CVE-2023-42445", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2023-10-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242538" } ], "notes": [ { "category": "description", "text": "A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it generated, or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle.", "title": "Vulnerability description" }, { "category": "summary", "text": "gradle: Possible local text file exfiltration by XML External entity injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42445" }, { "category": "external", "summary": "RHBZ#2242538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242538" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42445", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42445" }, { "category": "external", "summary": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8" } ], "release_date": "2023-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gradle: Possible local text file exfiltration by XML External entity injection" }, { "cve": "CVE-2023-44387", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2023-10-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242485" } ], "notes": [ { "category": "description", "text": "A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with broader permissions than intended, as symbolic links are usually world-readable and writeable.", "title": "Vulnerability description" }, { "category": "summary", "text": "gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44387" }, { "category": "external", "summary": "RHBZ#2242485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44387", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44387" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44387", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44387" }, { "category": "external", "summary": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "workaround", "details": "User should follow the documentation to explicitly set permissions when copying or create archives: https://docs.gradle.org/current/userguide/working_with_files.html#sec:setting_file_permissions", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations" }, { "cve": "CVE-2023-44981", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "discovery_date": "2023-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243436" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.", "title": "Vulnerability description" }, { "category": "summary", "text": "zookeeper: Authorization Bypass in Apache ZooKeeper", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat AMQ 7 Broker and Red Hat AMQ Streams 2 use Zookeeper but do not use or enable the vulnerable functionality, Peer Authentication. They are affected at Moderate Impact by this flaw.\n\nRed Hat Fuse 7 uses Zookeeper but does not use any of its server capabilities and as such is not vulnerable, and so is affected at Low Impact by this flaw.\n\nRed Hat Process Automation Manager 7 and Red Hat Decision Manager 7 do not ship zookeeper, and so are not affected by this flaw.\n\nRed Hat Fuse 6 and AMQ 6 use Zookeeper but are not vulnerable to this flaw, and have been assessed as Important Impact and are as such out of security support scope for this flaw.\n\nRed Hat Business Process Manager Suite 6, Red Hat Business Rules Management Suite 6, Red Hat JBoss Data Virtualization 6, Red Hat OpenShift Application Runtime Vert-x, and Red Hat Fuse Service Works 6 are out of security support scope for this flaw.\n\nAs no Red Hat products are affected at Critical Impact by this flaw, its overall impact has been reduced to Important.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44981" }, { "category": "external", "summary": "RHBZ#2243436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981" }, { "category": "external", "summary": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b", "url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b" } ], "release_date": "2023-10-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-12-06T23:30:39+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "workaround", "details": "According to Apache\u0027s document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.", "product_ids": [ "Red Hat AMQ Streams 2.6.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "zookeeper: Authorization Bypass in Apache ZooKeeper" } ] }
wid-sec-w-2023-3070
Vulnerability from csaf_certbund
Published
2023-12-06 23:00
Modified
2024-05-23 22:00
Summary
Red Hat JBoss A-MQ: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss A-MQ ist eine Messaging-Plattform.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-3070 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3070.json" }, { "category": "self", "summary": "WID-SEC-2023-3070 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3070" }, { "category": "external", "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12", "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0903 vom 2024-02-20", "url": "https://access.redhat.com/errata/RHSA-2024:0903" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0705 vom 2024-02-06", "url": "https://access.redhat.com/errata/RHSA-2024:0705" }, { "category": "external", "summary": "RedHat Security Advisory vom 2023-12-06", "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7697 vom 2023-12-07", "url": "https://access.redhat.com/errata/RHSA-2023:7697" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2945 vom 2024-05-21", "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24", "url": "https://access.redhat.com/errata/RHSA-2024:3354" } ], "source_lang": "en-US", "title": "Red Hat JBoss A-MQ: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-23T22:00:00.000+00:00", "generator": { "date": "2024-05-24T08:08:42.043+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-3070", "initial_release_date": "2023-12-06T23:00:00.000+00:00", "revision_history": [ { "date": "2023-12-06T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-07T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-12-12T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates aufgenommen" }, { "date": "2024-02-06T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-20T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-23T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c9.2.7", "product": { "name": "Atlassian Bamboo \u003c9.2.7", "product_id": "1529586", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.7" } } }, { "category": "product_version_range", "name": "\u003c9.3.5", "product": { "name": "Atlassian Bamboo \u003c9.3.5", "product_id": "T031324", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.5" } } } ], "category": "product_name", "name": "Bamboo" }, { "branches": [ { "category": "product_version_range", "name": "\u003c7.21.18", "product": { "name": "Atlassian Bitbucket \u003c7.21.18", "product_id": "T031325", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:7.21.18" } } }, { "category": "product_version_range", "name": "\u003c8.9.7", "product": { "name": "Atlassian Bitbucket \u003c8.9.7", "product_id": "T031614", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.9.7" } } }, { "category": "product_version_range", "name": "\u003c8.11.6", "product": { "name": "Atlassian Bitbucket \u003c8.11.6", "product_id": "T031615", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.11.6" } } }, { "category": "product_version_range", "name": "\u003c8.12.4", "product": { "name": "Atlassian Bitbucket \u003c8.12.4", "product_id": "T031616", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.12.4" } } }, { "category": "product_version_range", "name": "\u003c8.13.3", "product": { "name": "Atlassian Bitbucket \u003c8.13.3", "product_id": "T031617", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.13.3" } } }, { "category": "product_version_range", "name": "\u003c8.14.2", "product": { "name": "Atlassian Bitbucket \u003c8.14.2", "product_id": "T031618", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.14.2" } } } ], "category": "product_name", "name": "Bitbucket" }, { "branches": [ { "category": "product_version_range", "name": "\u003c8.3.4", "product": { "name": "Atlassian Confluence \u003c8.3.4", "product_id": "T030846", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.3.4" } } }, { "category": "product_version_range", "name": "\u003c7.19.17", "product": { "name": "Atlassian Confluence \u003c7.19.17", "product_id": "T031609", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:7.19.17" } } }, { "category": "product_version_range", "name": "\u003c8.4.5", "product": { "name": "Atlassian Confluence \u003c8.4.5", "product_id": "T031610", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.4.5" } } }, { "category": "product_version_range", "name": "\u003c8.5.4", "product": { "name": "Atlassian Confluence \u003c8.5.4", "product_id": "T031611", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.5.4" } } }, { "category": "product_version_range", "name": "\u003c8.6.2", "product": { "name": "Atlassian Confluence \u003c8.6.2", "product_id": "T031612", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.6.2" } } }, { "category": "product_version_range", "name": "\u003c8.7.1", "product": { "name": "Atlassian Confluence \u003c8.7.1", "product_id": "T031613", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.7.1" } } } ], "category": "product_name", "name": "Confluence" }, { "branches": [ { "category": "product_version_range", "name": "\u003c9.4.13", "product": { "name": "Atlassian Jira Software \u003c9.4.13", "product_id": "T031606", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.4.13" } } }, { "category": "product_version_range", "name": "Service Management \u003c4.20.28", "product": { "name": "Atlassian Jira Software Service Management \u003c4.20.28", "product_id": "T031607", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28" } } }, { "category": "product_version_range", "name": "Service Management \u003c5.4.12", "product": { "name": "Atlassian Jira Software Service Management \u003c5.4.12", "product_id": "T031608", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12" } } } ], "category": "product_name", "name": "Jira Software" } ], "category": "vendor", "name": "Atlassian" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c2.6.0 Streams", "product": { "name": "Red Hat JBoss A-MQ \u003c2.6.0 Streams", "product_id": "T031506", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:2.6.0_streams" } } }, { "category": "product_version", "name": "Clients 3", "product": { "name": "Red Hat JBoss A-MQ Clients 3", "product_id": "T031509", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:clients_3" } } }, { "category": "product_version_range", "name": "Broker \u003c7.12.0", "product": { "name": "Red Hat JBoss A-MQ Broker \u003c7.12.0", "product_id": "T034934", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:broker__7.12.0" } } } ], "category": "product_name", "name": "JBoss A-MQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2022-46751" }, { "cve": "CVE-2023-20873", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-20873" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-31582", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-31582" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-41080", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-41080" }, { "cve": "CVE-2023-42445", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-42445" }, { "cve": "CVE-2023-44387", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-44387" }, { "cve": "CVE-2023-44981", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-44981" }, { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Red Hat JBoss A-MQ existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "67646", "T031325", "T031611", "T031614", "T034934", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031509", "T031608" ] }, "release_date": "2023-12-06T23:00:00Z", "title": "CVE-2023-5072" } ] }
gsd-2023-44387
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-44387", "id": "GSD-2023-44387" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-44387" ], "details": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.", "id": "GSD-2023-44387", "modified": "2023-12-13T01:20:39.056529Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-44387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gradle", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 7.6.0, \u003c 7.6.3" }, { "version_affected": "=", "version_value": "\u003c 8.4.0" } ] } } ] }, "vendor_name": "gradle" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-732", "lang": "eng", "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", "refsource": "MISC", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9" }, { "name": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", "refsource": "MISC", "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7" }, { "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3", "refsource": "MISC", "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3" }, { "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0", "refsource": "MISC", "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0" }, { "name": "https://security.netapp.com/advisory/ntap-20231110-0006/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20231110-0006/" } ] }, "source": { "advisory": "GHSA-43r3-pqhv-f7h9", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", "matchCriteriaId": "77803A01-94E7-4C76-BAF3-ED44AE596010", "versionEndExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", "matchCriteriaId": "E104EF19-8B72-4A31-B2AC-8312F7C6452F", "versionEndExcluding": "8.4.0", "versionStartIncluding": "8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file." }, { "lang": "es", "value": "Gradle es una herramienta de compilaci\u00f3n centrada en la automatizaci\u00f3n de la compilaci\u00f3n y soporte para el desarrollo en varios idiomas. Al copiar o archivar archivos vinculados simb\u00f3licamente, Gradle los resuelve pero aplica los permisos del enlace simb\u00f3lico en lugar de los permisos del archivo vinculado al archivo resultante. Esto lleva a que los archivos tengan demasiados permisos, dado que los enlaces simb\u00f3licos suelen ser legibles y escribibles por todo el mundo. Si bien es poco probable que esto resulte en una vulnerabilidad directa para la compilaci\u00f3n afectada, puede abrir vectores de ataque dependiendo de d\u00f3nde terminen copi\u00e1ndose o desarchiv\u00e1ndose los artefactos de la compilaci\u00f3n. En las versiones 7.6.3, 8.4 y superiores, Gradle ahora usar\u00e1 correctamente los permisos del archivo al que apunta el enlace simb\u00f3lico para establecer los permisos del archivo copiado o archivado." } ], "id": "CVE-2023-44387", "lastModified": "2024-01-21T01:54:43.317", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2023-10-05T18:15:12.787", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7" }, { "source": "security-advisories@github.com", "tags": [ "Release Notes" ], "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3" }, { "source": "security-advisories@github.com", "tags": [ "Release Notes" ], "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231110-0006/" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "security-advisories@github.com", "type": "Primary" } ] } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.