Back to bug 2065505
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chess Hazlett | 2022-03-18 01:37:24 UTC | CC | security-response-team | |
| Michael Kaplan | 2022-04-20 12:44:24 UTC | Alias | CVE-2022-1415 | |
| | | Summary | EMBARGOED drools: unsafe data deserialization in StreamUtils | EMBARGOED CVE-2022-1415 drools: unsafe data deserialization in StreamUtils |
| Tibor Zimanyi | 2022-04-20 14:21:20 UTC | CC | dward | |
| Tibor Zimanyi | 2022-04-21 07:01:47 UTC | CC | tkobayas | |
| Red Hat Bugzilla | 2022-07-31 22:42:21 UTC | CC | tzimanyi | |
| Red Hat Bugzilla | 2022-08-12 04:38:06 UTC | CC | etirelli | |
| Red Hat Bugzilla | 2022-10-28 13:12:48 UTC | CC | krathod | |
| Chess Hazlett | 2022-10-28 16:45:29 UTC | Priority | high | medium |
| | | Severity | high | medium |
| Chess Hazlett | 2022-10-28 16:47:25 UTC | Summary | EMBARGOED CVE-2022-1415 drools: unsafe data deserialization in StreamUtils | CVE-2022-1415 drools: unsafe data deserialization in StreamUtils |
| | | CC | etirelli, gjospin, krathod | |
| | | Group | qe_staff, security | |
| Chess Hazlett | 2022-10-28 17:21:05 UTC | Fixed In Version | drools 7.69.0.Final | |
| Chess Hazlett | 2022-10-28 17:50:45 UTC | CC | aileenc, asoldano, avibelli, balejosg, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, dkreling, dosoudil, fjuma, fmongiar, gmalinko, gsmet, hamadhan, iweiss, janstey, jnethert, jochrist, jolee, jpavlik, jpoth, jschatte, jwon, lgao, lthon, mosmerov, msochure, msvehla, nwallace, pantinor, pdelbell, peholase, pgallagh, pmackay, probinso, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, smaestri, tcunning, tom.jenkinson, yfang | |
| Chess Hazlett | 2022-10-29 03:03:31 UTC | Doc Text | It was found that some utility classes in Drools core did not use proper safeguards when deserializing data. An authed attacker could construct malicious serialized objects (usually called gadgets) and use this flaw to achieve code execution on the server. | |
| RaTasha Tillery-Smith | 2022-10-31 12:55:27 UTC | Doc Text | It was found that some utility classes in Drools core did not use proper safeguards when deserializing data. An authed attacker could construct malicious serialized objects (usually called gadgets) and use this flaw to achieve code execution on the server. | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. |
| Red Hat Bugzilla | 2022-11-14 23:22:48 UTC | CC | jstastny | |
| Red Hat Bugzilla | 2023-05-15 18:03:42 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-07-07 08:29:21 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |
| Red Hat Bugzilla | 2023-07-21 22:26:26 UTC | CC | jpavlik | |